commit 1865e02e6c22ee55b0bb11b8c78330d4e65a1132 Author: Robert Frohl Date: Wed Jan 13 14:18:36 2021 +0100 Warn if user can't access dumpcap. diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c index f31914886a..d3baab6c50 100644 --- a/capture/capture_sync.c +++ b/capture/capture_sync.c @@ -24,6 +24,10 @@ #include #include +#include +#include +#include + #ifdef _WIN32 #include #include @@ -592,11 +596,22 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, inf * Child process - run dumpcap with the right arguments to make * it just capture with the specified capture parameters */ + char * grp_warning = calloc(1, 256); dup2(sync_pipe[PIPE_WRITE], 2); ws_close(sync_pipe[PIPE_READ]); execv(argv[0], argv); - g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", - argv[0], g_strerror(errno)); + if (errno == EPERM || errno == EACCES) { + struct stat statbuf; + struct group *grp; + if(stat("/usr/bin/dumpcap", &statbuf) == 0) { + if ((grp = getgrgid(statbuf.st_gid)) != NULL) { + snprintf(grp_warning , 256, "\nYou need to be a member of the '%s' group. Try running\n'usermod -a -G %s ' as root.", grp->gr_name, grp->gr_name); + } + } + } + g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", + argv[0], g_strerror(errno), grp_warning); + free(grp_warning); sync_pipe_errmsg_to_parent(2, errmsg, ""); /* Exit with "_exit()", so that we don't close the connection @@ -827,6 +842,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd, * Child process - run dumpcap with the right arguments to make * it just capture with the specified capture parameters */ + char * grp_warning = calloc(1, 256); dup2(data_pipe[PIPE_WRITE], 1); ws_close(data_pipe[PIPE_READ]); ws_close(data_pipe[PIPE_WRITE]); @@ -834,8 +850,18 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd, ws_close(sync_pipe[PIPE_READ]); ws_close(sync_pipe[PIPE_WRITE]); execv(argv[0], argv); - g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", - argv[0], g_strerror(errno)); + if (errno == EPERM || errno == EACCES) { + struct stat statbuf; + struct group *grp; + if(stat("/usr/bin/dumpcap", &statbuf) == 0) { + if ((grp = getgrgid(statbuf.st_gid)) != NULL) { + snprintf(grp_warning , 256, "\nYou need to be a member of the '%s' group. Try running\n'usermod -a -G %s ' as root.", grp->gr_name, grp->gr_name); + } + } + } + g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", + argv[0], g_strerror(errno), grp_warning); + free(grp_warning); sync_pipe_errmsg_to_parent(2, errmsg, ""); /* Exit with "_exit()", so that we don't close the connection