drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-01 11:22:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws, tpws : read cap_last_cap to avoid errors on some systems

Browse Source
This commit is contained in:
bolvan 2019-05-20 20:38:17 +03:00
parent 7504f697ce
commit b8696afdb7
18 changed files with 32 additions and 12 deletions
binaries
aarch64
nfqwstpws
armhf
nfqwstpws
mips32r1-lsb
nfqwstpws
mips32r1-msb
nfqwstpws
mips64r2-msb
nfqwstpws
ppc
nfqwstpws
x86
nfqwstpws
x86_64
nfqwstpws
nfq
nfqws.c
tpws
tpws.c

BIN
binaries/aarch64/nfqws

Binary file not shown.

BIN
binaries/aarch64/tpws

Binary file not shown.

BIN
binaries/armhf/nfqws

Binary file not shown.

BIN
binaries/armhf/tpws

Binary file not shown.

BIN
binaries/mips32r1-lsb/nfqws

Binary file not shown.

BIN
binaries/mips32r1-lsb/tpws

Binary file not shown.

BIN
binaries/mips32r1-msb/nfqws

Binary file not shown.

BIN
binaries/mips32r1-msb/tpws

Binary file not shown.

BIN
binaries/mips64r2-msb/nfqws

Binary file not shown.

BIN
binaries/mips64r2-msb/tpws

Binary file not shown.

BIN
binaries/ppc/nfqws

Binary file not shown.

BIN
binaries/ppc/tpws

Binary file not shown.

BIN
binaries/x86/nfqws

Binary file not shown.

BIN
binaries/x86/tpws

Binary file not shown.

BIN
binaries/x86_64/nfqws

Binary file not shown.

BIN
binaries/x86_64/tpws

Binary file not shown.

18
nfq/nfqws.c

@ -387,26 +387,36 @@ bool setpcap(cap_value_t *caps,int ncaps)
cap_free(capabilities); cap_free(capabilities);
return true; return true;
} }
int getmaxcap()
{
int maxcap = CAP_LAST_CAP;
FILE *F = fopen("/proc/sys/kernel/cap_last_cap","r");
if (F)
{
fscanf(F,"%d",&maxcap);
fclose(F);
}
return maxcap;
}
bool dropcaps() bool dropcaps()
{ {
// must have CAP_SETPCAP at the end. its required to clear bounding set // must have CAP_SETPCAP at the end. its required to clear bounding set
cap_value_t cap_values[] = {CAP_NET_ADMIN,CAP_SETPCAP}; cap_value_t cap_values[] = {CAP_NET_ADMIN,CAP_SETPCAP};
int capct=sizeof(cap_values)/sizeof(*cap_values); int capct=sizeof(cap_values)/sizeof(*cap_values);
int maxcap = getmaxcap();
if (setpcap(cap_values, capct)) if (setpcap(cap_values, capct))
{ {
for(int cap=0;cap<=63;cap++) for(int cap=0;cap<=maxcap;cap++)
{ {
if (cap_drop_bound(cap)) if (cap_drop_bound(cap))
{
if (errno!=EINVAL)
{ {
fprintf(stderr,"could not drop cap %d\n",cap); fprintf(stderr,"could not drop cap %d\n",cap);
perror("cap_drop_bound"); perror("cap_drop_bound");
} }
} }
} }
}
// now without CAP_SETPCAP // now without CAP_SETPCAP
if (!setpcap(cap_values, capct - 1)) if (!setpcap(cap_values, capct - 1))
{ {

18
tpws/tpws.c

@ -816,26 +816,36 @@ bool setpcap(cap_value_t *caps,int ncaps)
cap_free(capabilities); cap_free(capabilities);
return true; return true;
} }
int getmaxcap()
{
int maxcap = CAP_LAST_CAP;
FILE *F = fopen("/proc/sys/kernel/cap_last_cap","r");
if (F)
{
fscanf(F,"%d",&maxcap);
fclose(F);
}
return maxcap;
}
bool dropcaps() bool dropcaps()
{ {
// must have CAP_SETPCAP at the end. its required to clear bounding set // must have CAP_SETPCAP at the end. its required to clear bounding set
cap_value_t cap_values[] = {CAP_SETPCAP}; cap_value_t cap_values[] = {CAP_SETPCAP};
int capct=sizeof(cap_values)/sizeof(*cap_values); int capct=sizeof(cap_values)/sizeof(*cap_values);
int maxcap = getmaxcap();
if (setpcap(cap_values, capct)) if (setpcap(cap_values, capct))
{ {
for(int cap=0;cap<=63;cap++) for(int cap=0;cap<=maxcap;cap++)
{ {
if (cap_drop_bound(cap)) if (cap_drop_bound(cap))
{
if (errno!=EINVAL)
{ {
fprintf(stderr,"could not drop cap %d\n",cap); fprintf(stderr,"could not drop cap %d\n",cap);
perror("cap_drop_bound"); perror("cap_drop_bound");
} }
} }
} }
}
// now without CAP_SETPCAP // now without CAP_SETPCAP
if (!setpcap(cap_values, capct - 1)) if (!setpcap(cap_values, capct - 1))
{ {