summaryrefslogtreecommitdiff
path: root/src/or/rendservice.c
diff options
context:
space:
mode:
authoranonymous <anon@fakeanonemail.org>2014-08-28 18:10:21 +0000
committermeejah <meejah@meejah.ca>2014-08-30 15:23:05 -0600
commitc13db1f6143cf99830dc73dd527898e711e6b704 (patch)
treec09814e3dc2a5da84969f9d04da58287d4f3737f /src/or/rendservice.c
parentf113a263deda8e1619f46cd913fc24ac28da832d (diff)
downloadtor-c13db1f6143cf99830dc73dd527898e711e6b704.tar.gz
tor-c13db1f6143cf99830dc73dd527898e711e6b704.zip
Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
Diffstat (limited to 'src/or/rendservice.c')
-rw-r--r--src/or/rendservice.c36
1 files changed, 31 insertions, 5 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 749d6fa880..83e6a3b82c 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -368,10 +368,12 @@ rend_config_services(const or_options_t *options, int validate_only)
for (line = options->RendConfigLines; line; line = line->next) {
if (!strcasecmp(line->key, "HiddenServiceDir")) {
if (service) { /* register the one we just finished parsing */
- if (validate_only)
+ if (validate_only) {
rend_service_free(service);
- else
+ }
+ else {
rend_add_service(service);
+ }
}
service = tor_malloc_zero(sizeof(rend_service_t));
service->directory = tor_strdup(line->value);
@@ -513,10 +515,12 @@ rend_config_services(const or_options_t *options, int validate_only)
}
}
if (service) {
- if (validate_only)
+ if (validate_only) {
rend_service_free(service);
- else
+ }
+ else {
rend_add_service(service);
+ }
}
/* If this is a reload and there were hidden services configured before,
@@ -693,10 +697,23 @@ rend_service_load_keys(rend_service_t *s)
{
char fname[512];
char buf[128];
+ cpd_check_t check_opts = CPD_CREATE;
+ if (get_options()->HiddenServiceGroupReadable) {
+ check_opts |= CPD_GROUP_READ;
+ }
/* Check/create directory */
- if (check_private_dir(s->directory, CPD_CREATE, get_options()->User) < 0)
+ if (check_private_dir(s->directory, check_opts, get_options()->User) < 0) {
return -1;
+ }
+#ifndef _WIN32
+ if (get_options()->HiddenServiceGroupReadable) {
+ /** Only new dirs created get new opts, also enforce group read. */
+ if (chmod(s->directory, STAT_RWXU|STAT_RGRP|STAT_XGRP)) {
+ log_warn(LD_FS,"Unable to make %s group-readable.", s->directory);
+ }
+ }
+#endif
/* Load key */
if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
@@ -733,6 +750,15 @@ rend_service_load_keys(rend_service_t *s)
memwipe(buf, 0, sizeof(buf));
return -1;
}
+#ifndef _WIN32
+ if (get_options()->HiddenServiceGroupReadable) {
+ /** Also verify hostname file created with group read. */
+ if (chmod(fname, STAT_RUSR|STAT_WUSR|STAT_RGRP)) {
+ log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", fname);
+ }
+ }
+#endif
+
memwipe(buf, 0, sizeof(buf));
/* If client authorization is configured, load or generate keys. */