author | Nick Mathewson <nickm@torproject.org> | 2014-08-15 08:30:44 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-08-15 08:30:44 -0400 |
commit | 0808ed83f9cf312abe229d0956f0b0132a79962d (patch) | |
tree | 215177990944cdf14d0f72fdc1566d8287299fa0 | |
parent | d443658fade3b4090d0b93903b4aec857cab03ea (diff) | |
download | tor-0808ed83f9cf312abe229d0956f0b0132a79962d.tar.gz tor-0808ed83f9cf312abe229d0956f0b0132a79962d.zip |
Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature. Fixes bug 12864, bugfix on
0.2.5.1-alpha.
Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
-rw-r--r-- | changes/bug12864 | 7 | ||||
-rw-r--r-- | doc/tor.1.txt | 7 | ||||
-rw-r--r-- | src/or/config.c | 11 | ||||
-rw-r--r-- | src/or/config.h | 2 | ||||
-rw-r--r-- | src/or/control.c | 1 | ||||
-rw-r--r-- | src/or/ext_orport.c | 1 | ||||
-rw-r--r-- | src/or/or.h | 2 |
7 files changed, 29 insertions, 2 deletions
diff --git a/changes/bug12864 b/changes/bug12864
new file mode 100644
index 0000000000..79e751f427
--- /dev/null
+++ b/changes/bug12864
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+ - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
+ 12864; bugfix on 0.2.5.1-alpha.
+
+ o Minor features:
+ - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+ cookie file for the ExtORPort g+r by default.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 93d302eb9d..a85bc34803 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -224,6 +224,13 @@ GENERAL OPTIONS
 for the Extended ORPort's cookie file -- the cookie file is needed
 for pluggable transports to communicate through the Extended ORPort.

+[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
+ If this option is set to 0, don't allow the filesystem group to read the
+ Extende OR Port cookie file. If the option is set to 1, make the cookie
+ file readable by the default GID. [Making the file readable by other
+ groups is not yet implemented; let us know if you need this for some
+ reason.] (Default: 0)
+
 [[ConnLimit]] **ConnLimit** __NUM__::
 The minimum number of file descriptors that must be available to the Tor
 process before it will start. Tor will ask the OS for as many file
diff --git a/src/or/config.c b/src/or/config.c
index 2661ce3b73..20fde3bd20 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
 V(ExtendAllowPrivateAddresses, BOOL, "0"),
 VPORT(ExtORPort, LINELIST, NULL),
 V(ExtORPortCookieAuthFile, STRING, NULL),
+ V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
 V(ExtraInfoStatistics, BOOL, "1"),
 V(FallbackDir, LINELIST, NULL),
@@ -6828,7 +6829,7 @@ config_maybe_load_geoip_files_(const or_options_t *options,
 * <b>cookie_is_set_out</b> to True. */
 int
 init_cookie_authentication(const char *fname, const char *header,
- int cookie_len,
+ int cookie_len, int group_readable,
 uint8_t **cookie_out, int *cookie_is_set_out)
 {
 char cookie_file_str_len = strlen(header) + cookie_len;
@@ -6861,6 +6862,14 @@ init_cookie_authentication(const char *fname, const char *header,
 goto done;
 }

+#ifndef _WIN32
+ if (group_readable) {
+ if (chmod(fname, 0640)) {
+ log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
+ }
+ }
+#endif
+
 /* Success! */
 log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
 *cookie_is_set_out = 1;
diff --git a/src/or/config.h b/src/or/config.h
index bf386134b8..8a1919c2ed 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
 char *get_transport_bindaddr_from_config(const char *transport);

 int init_cookie_authentication(const char *fname, const char *header,
- int cookie_len,
+ int cookie_len, int group_readable,
 uint8_t **cookie_out, int *cookie_is_set_out);

 or_options_t *options_new(void);
diff --git a/src/or/control.c b/src/or/control.c
index 9285fc564a..ec63506194 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
 fname = get_controller_cookie_file_name();
 retval = init_cookie_authentication(fname, "", /* no header */
 AUTHENTICATION_COOKIE_LEN,
+ get_options()->CookieAuthFileGroupReadable,
 &authentication_cookie,
 &authentication_cookie_is_set);
 tor_free(fname);
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 0d28a9199a..9b550ee90e 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
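Review bot: The Doxygen comment above `init_cookie_authentication` is not updated for the new `group_readable` parameter; only its closing line, ` * <b>cookie_is_set_out</b> to True. */`, is inside the hunk, and the comment itself starts outside it. Add a line before the closing `*/` such as ` * If <b>group_readable</b> is true, also make the cookie file readable by its group (no effect on Windows).`. Unrelated to this change, the context line `char cookie_file_str_len = strlen(header) + cookie_len;` stores a length in a `char`; the visible callers pass compile-time constants, but `int` or `size_t` would be the safe type for a follow-up. The function body continues past the hunk.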
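Review bot: `chmod(fname, 0640)` widens the mode by path after the file has already been written, so it applies to whatever is at `fname` at that moment; if the write helper called just above this hunk can hand back its descriptor, `fchmod` on that descriptor would tie the mode change to the file that was actually written and remove the window on directories writable by other users. A failing chmod is only logged and the function still sets `*cookie_is_set_out = 1`, which is a reasonable choice, but the warning should say that the cookie remains usable and only the group bit was not granted, e.g. `log_warn(LD_FS, "Unable to make %s group-readable; it stays readable only by its owner.", escaped(fname));`. On Windows the whole block compiles out and `group_readable` is unused, so an `#else` branch with `(void)group_readable;` would make the no-op explicit and keep unused-parameter warnings quiet if the build enables them. The enclosing function starts and ends outside this hunk.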
@@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
 fname = get_ext_or_auth_cookie_file_name();
 retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
 EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
+ get_options()->ExtORPortCookieAuthFileGroupReadable,
 &ext_or_auth_cookie,
 &ext_or_auth_cookie_is_set);
 tor_free(fname);
diff --git a/src/or/or.h b/src/or/or.h
index 131bce3e11..0f1457f783 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3801,6 +3801,8 @@ typedef struct {
 char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
 * ORPort authentication cookie. */
 int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
+ int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
+ * ExtORPortCookieAuthFile g+r? */
 int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
 * circuits itself (0), or does it expect a controller
 * to cope? (1) */
|