Merge remote-tracking branch 'asn/nickm-bug12864_025' into maint-0.2.5

7 files changed, 33 insertions, 3 deletions

diff --git a/changes/bug12864 b/changes/bug12864
new file mode 100644
index 0000000000..79e751f427
--- /dev/null
+++ b/changes/bug12864
@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
+      12864; bugfix on 0.2.5.1-alpha.
+
+  o Minor features:
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 93d302eb9d..04d13fbfbc 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -224,6 +224,13 @@ GENERAL OPTIONS
     for the Extended ORPort's cookie file -- the cookie file is needed
     for pluggable transports to communicate through the Extended ORPort.
 
+[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
+    If this option is set to 0, don't allow the filesystem group to read the
+    Extended OR Port cookie file. If the option is set to 1, make the cookie
+    file readable by the default GID. [Making the file readable by other
+    groups is not yet implemented; let us know if you need this for some
+    reason.] (Default: 0)
+
 [[ConnLimit]] **ConnLimit** __NUM__::
     The minimum number of file descriptors that must be available to the Tor
     process before it will start. Tor will ask the OS for as many file
@@ -312,7 +319,7 @@ GENERAL OPTIONS
     If set, this option overrides the default location and file name
     for Tor's cookie file. (See CookieAuthentication above.)
 
-[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__::
+[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read the
     cookie file. If the option is set to 1, make the cookie file readable by
     the default GID. [Making the file readable by other groups is not yet
diff --git a/src/or/config.c b/src/or/config.c
index 2661ce3b73..f53186a5f9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
   V(ExtendAllowPrivateAddresses, BOOL,     "0"),
   VPORT(ExtORPort,               LINELIST, NULL),
   V(ExtORPortCookieAuthFile,     STRING,   NULL),
+  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
   V(ExtraInfoStatistics,         BOOL,     "1"),
   V(FallbackDir,                 LINELIST, NULL),
 
@@ -6824,11 +6825,14 @@ config_maybe_load_geoip_files_(const or_options_t *options,
  *  in <b>cookie_out</b>.
  *  Then write it down to <b>fname</b> and prepend it with <b>header</b>.
  *
+ *  If <b>group_readable</b> is set, set <b>fname</b> to be readable
+ *  by the default GID.
+ *
  *  If the whole procedure was successful, set
  *  <b>cookie_is_set_out</b> to True. */
 int
 init_cookie_authentication(const char *fname, const char *header,
-                           int cookie_len,
+                           int cookie_len, int group_readable,
                            uint8_t **cookie_out, int *cookie_is_set_out)
 {
   char cookie_file_str_len = strlen(header) + cookie_len;
@@ -6861,6 +6865,14 @@ init_cookie_authentication(const char *fname, const char *header,
     goto done;
   }
 
+#ifndef _WIN32
+  if (group_readable) {
+    if (chmod(fname, 0640)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
+    }
+  }
+#endif
+
   /* Success! */
   log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
   *cookie_is_set_out = 1;
diff --git a/src/or/config.h b/src/or/config.h
index bf386134b8..8a1919c2ed 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
 char *get_transport_bindaddr_from_config(const char *transport);
 
 int init_cookie_authentication(const char *fname, const char *header,
-                               int cookie_len,
+                               int cookie_len, int group_readable,
                                uint8_t **cookie_out, int *cookie_is_set_out);
 
 or_options_t *options_new(void);
diff --git a/src/or/control.c b/src/or/control.c
index 9285fc564a..ec63506194 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
   fname = get_controller_cookie_file_name();
   retval = init_cookie_authentication(fname, "", /* no header */
                                       AUTHENTICATION_COOKIE_LEN,
+                                   get_options()->CookieAuthFileGroupReadable,
                                       &authentication_cookie,
                                       &authentication_cookie_is_set);
   tor_free(fname);
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 0d28a9199a..9b550ee90e 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
   fname = get_ext_or_auth_cookie_file_name();
   retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
                                       EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
+                           get_options()->ExtORPortCookieAuthFileGroupReadable,
                                       &ext_or_auth_cookie,
                                       &ext_or_auth_cookie_is_set);
   tor_free(fname);
diff --git a/src/or/or.h b/src/or/or.h
index 131bce3e11..0f1457f783 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3801,6 +3801,8 @@ typedef struct {
   char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
                                  *   ORPort authentication cookie. */
   int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
+  int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
+                                             * ExtORPortCookieAuthFile g+r? */
   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
                           * circuits itself (0), or does it expect a controller
                           * to cope? (1) */