authorDavid Goulet <dgoulet@torproject.org>2017-01-17 14:40:01 -0500
committerDavid Goulet <dgoulet@torproject.org>2017-01-17 14:40:01 -0500
commite16148a58218177411939e373d96aa4f152cadc8 (patch)
tree4782e9a61bebb9559b6f8126278f4242f87dd0e5
parent92c3926479de1511dc4607fdc1f9b8fa0fa9f47b (diff)
relay: Honor DataDirectoryGroupReadable at key init
Our config code correctly checks DataDirectoryGroupReadable, but when we initialized the keys we ignored that option and ended up setting the DataDirectory back to 0700 instead of 0750. Patch by "redfish". Fixes #19953 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--changes/bug199536
-rw-r--r--src/or/router.c7
-rw-r--r--src/or/routerkeys.c7
3 files changed, 17 insertions, 3 deletions
diff --git a/changes/bug19953 b/changes/bug19953
new file mode 100644
index 0000000000..919018dbb7
--- /dev/null
+++ b/changes/bug19953
@@ -0,0 +1,6 @@
+ o Minor bugfixes (relay)
+ - Honor DataDirectoryGroupReadable when tor is a relay. Previously, the
+ initialization of the keys would reset the DataDirectory to 0700 instead
+ of 0750 if DataDirectoryGroupReadable was set to 1. Fixes #19953. Patch
+ by "redfish".; bugfix on tor-0.0.2pre16.
+
diff --git a/src/or/router.c b/src/or/router.c
index 2d8208aa04..e4fa72a283 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -849,7 +849,12 @@ init_keys(void)
if (init_keys_common() < 0)
return -1;
/* Make sure DataDirectory exists, and is private. */
- if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+ cpd_check_t cpd_opts = CPD_CREATE;
+ if (options->DataDirectoryGroupReadable)
+ cpd_opts |= CPD_GROUP_READ;
+ if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
+ log_err(LD_OR, "Can't create/check datadirectory %s",
+ options->DataDirectory);
return -1;
}
/* Check the key directory. */
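Review bot: The relaxed mode built in `cpd_opts` must stay confined to the DataDirectory check, and nothing in this hunk says so. The key-directory check announced by the last context line lies outside the hunk, as does the rest of init_keys(), so please confirm it does not pick up `CPD_GROUP_READ`. With DataDirectoryGroupReadable set, the parent becomes group-traversable (0750 per the changelog entry), so the key directory's own permissions are presumably what keeps group members away from the relay keys. A comment above the declaration would record this, e.g. `/* cpd_opts applies to DataDirectory only; the key directory stays owner-only. */`. The same three-line flag computation is repeated in load_ed_keys() in src/or/routerkeys.c, so a small shared helper would keep the two call sites from drifting apart.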
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 51802b15e5..e20787123e 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -785,8 +785,11 @@ load_ed_keys(const or_options_t *options, time_t now)
if (options->command == CMD_KEYGEN)
flags |= INIT_ED_KEY_TRY_ENCRYPTED;
- /* Check the key directory */
- if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+ /* Check/Create the key directory */
+ cpd_check_t cpd_opts = CPD_CREATE;
+ if (options->DataDirectoryGroupReadable)
+ cpd_opts |= CPD_GROUP_READ;
+ if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
log_err(LD_OR, "Can't create/check datadirectory %s",
options->DataDirectory);
goto err;
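Review bot: The rewritten comment `/* Check/Create the key directory */` does not match the call beneath it, which passes `options->DataDirectory` and logs "datadirectory" on failure. Since this is the one check where group read access is deliberately allowed, a mislabelled comment invites someone to copy `cpd_opts` onto a real key-directory check later. I would word it as `/* Check/create the DataDirectory; group-readable only if DataDirectoryGroupReadable is set. */`. The body of load_ed_keys() starts and continues outside this hunk, so whether a separate key-directory check follows is not visible here.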