diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-08-16 17:46:01 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-08-16 17:46:01 +0000 |
| commit | 718953dbe97446e0c2b4b1ccae3b2be0d36473a1 (patch) | |
| tree | d072e9f51dfd268b86131c14fd2860961cbff92b | |
| parent | f4398feadb8e3c1af51a825ac0eafe5abc08683d (diff) | |
| download | tor-718953dbe97446e0c2b4b1ccae3b2be0d36473a1.tar.gz tor-718953dbe97446e0c2b4b1ccae3b2be0d36473a1.zip | |
r14606@catbus: nickm | 2007-08-16 13:45:01 -0400
Implement CookieAuthFile and CookieAuthFileGroupReadable. Backport candidate.
svn:r11141
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | doc/tor.1.in | 13 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/control.c | 22 | ||||
| -rw-r--r-- | src/or/or.h | 2 |
5 files changed, 37 insertions, 5 deletions
@@ -31,6 +31,8 @@ Changes in version 0.2.0.5-alpha - 2007-??-?? before any authentication has been received. It tells a controller what kind of authentication is expected, and what protocol is spoken. Implements proposal 119. + - Implement options to allow the controller to pick a new location for + the cookie authentication file, and to make it group-readable. o Minor bugfixes (other): - If we require CookieAuthentication but we fail to write the diff --git a/doc/tor.1.in b/doc/tor.1.in index 41a99fa5fb..7c92fd4823 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -170,6 +170,19 @@ authentication methods should only be used on systems with good filesystem security. (Default: 0) .LP .TP +\fBCookieAuthFile \fR\fIPath\fP +If set, this option overrides the default location and file name for Tor's +cookie file. (See CookieAuthentication above.) +.LP +.TP +\fBCookieAuthFileGroupReadable \fR\fB0\fR|\fB1\R|\fIGroupName\fP +If this option is set to 0, don't allow the filesystem group to read +the cookie file. If the option is set to 1, make the cookie file +readable by the default GID. [Making the file readable by other +groups is not yet implemented; let us know if you need this for some +reason.] (Default: 0). +.LP +.TP \fBDataDirectory \fR\fIDIR\fP Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) .LP diff --git a/src/or/config.c b/src/or/config.c index 5b562adc71..2ee672384f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -152,6 +152,9 @@ static config_var_t _option_vars[] = { VAR("ControlPort", UINT, ControlPort, "0"), VAR("ControlSocket", LINELIST, ControlSocket, NULL), VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"), + VAR("CookieAuthFileGroupReadable",BOOL, CookieAuthFileGroupReadable, "0"), + VAR("CookieAuthFile", STRING, CookieAuthFile, "0"), + VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"), VAR("DataDirectory", STRING, DataDirectory, NULL), OBSOLETE("DebugLogFile"), VAR("DirAllowPrivateAddresses",BOOL, DirAllowPrivateAddresses, NULL), diff --git a/src/or/control.c b/src/or/control.c index 5a256783df..67b56f40db 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3434,11 +3434,16 @@ control_event_guard(const char *nickname, const char *digest, static char * get_cookie_file(void) { - const char *datadir = get_options()->DataDirectory; - size_t len = strlen(datadir)+64; - char *fname = tor_malloc(len); - tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir); - return fname; + or_options_t *options = get_options(); + if (options->CookieAuthFile && strlen(options->CookieAuthFile)) { + return tor_strdup(options->CookieAuthFile); + } else { + const char *datadir = get_options()->DataDirectory; + size_t len = strlen(datadir)+64; + char *fname = tor_malloc(len); + tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir); + return fname; + } } /** Choose a random authentication cookie and write it to disk. @@ -3469,6 +3474,13 @@ init_cookie_authentication(int enabled) tor_free(fname); return -1; } +#ifndef MS_WINDOWS + if (get_options()->CookieAuthFileGroupReadable) { + if (chmod(fname, 0640)) { + log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname)); + } + } +#endif tor_free(fname); return 0; diff --git a/src/or/or.h b/src/or/or.h index f7b77a3361..0864d24e5e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2022,6 +2022,8 @@ typedef struct { * the control system. */ int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for * the control system? */ + char *CookieAuthFile; /**< Location of a cookie authentication file. */ + int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to * circuits itself (0), or does it expect a controller * to cope? (1) */ |