diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-08-15 17:41:13 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-08-15 17:41:13 -0400 |
| commit | 1f35fd0017240a82ae48475a989819aa81a297dc (patch) | |
| tree | 4d7fb326b4ca734228671b10391b8c7bbb1b643a /src/or | |
| parent | be231b0db196513036ee624dc5b9b87c4f898625 (diff) | |
| parent | 967b4e7c54b53391e1a0b67e0a5bf70bc2e6a896 (diff) | |
| download | tor-1f35fd0017240a82ae48475a989819aa81a297dc.tar.gz tor-1f35fd0017240a82ae48475a989819aa81a297dc.zip | |
Merge remote-tracking branch 'origin/maint-0.2.5'
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/config.c | 14 | ||||
| -rw-r--r-- | src/or/config.h | 2 | ||||
| -rw-r--r-- | src/or/control.c | 1 | ||||
| -rw-r--r-- | src/or/ext_orport.c | 1 | ||||
| -rw-r--r-- | src/or/or.h | 2 |
5 files changed, 18 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c index 2535a72d39..f6cedfa5c9 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -238,6 +238,7 @@ static config_var_t option_vars_[] = { V(ExtendAllowPrivateAddresses, BOOL, "0"), VPORT(ExtORPort, LINELIST, NULL), V(ExtORPortCookieAuthFile, STRING, NULL), + V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"), V(ExtraInfoStatistics, BOOL, "1"), V(FallbackDir, LINELIST, NULL), @@ -6843,11 +6844,14 @@ config_maybe_load_geoip_files_(const or_options_t *options, * in <b>cookie_out</b>. * Then write it down to <b>fname</b> and prepend it with <b>header</b>. * + * If <b>group_readable</b> is set, set <b>fname</b> to be readable + * by the default GID. + * * If the whole procedure was successful, set * <b>cookie_is_set_out</b> to True. */ int init_cookie_authentication(const char *fname, const char *header, - int cookie_len, + int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out) { char cookie_file_str_len = strlen(header) + cookie_len; @@ -6880,6 +6884,14 @@ init_cookie_authentication(const char *fname, const char *header, goto done; } +#ifndef _WIN32 + if (group_readable) { + if (chmod(fname, 0640)) { + log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname)); + } + } +#endif + /* Success! */ log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname)); *cookie_is_set_out = 1; diff --git a/src/or/config.h b/src/or/config.h index bf386134b8..8a1919c2ed 100644 --- a/src/or/config.h +++ b/src/or/config.h @@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options); char *get_transport_bindaddr_from_config(const char *transport); int init_cookie_authentication(const char *fname, const char *header, - int cookie_len, + int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out); or_options_t *options_new(void); diff --git a/src/or/control.c b/src/or/control.c index 9285fc564a..ec63506194 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled) fname = get_controller_cookie_file_name(); retval = init_cookie_authentication(fname, "", /* no header */ AUTHENTICATION_COOKIE_LEN, + get_options()->CookieAuthFileGroupReadable, &authentication_cookie, &authentication_cookie_is_set); tor_free(fname); diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c index 0d28a9199a..9b550ee90e 100644 --- a/src/or/ext_orport.c +++ b/src/or/ext_orport.c @@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled) fname = get_ext_or_auth_cookie_file_name(); retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER, EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN, + get_options()->ExtORPortCookieAuthFileGroupReadable, &ext_or_auth_cookie, &ext_or_auth_cookie_is_set); tor_free(fname); diff --git a/src/or/or.h b/src/or/or.h index 0419111a4e..80b552dbb1 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3803,6 +3803,8 @@ typedef struct { char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended * ORPort authentication cookie. */ int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ + int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the + * ExtORPortCookieAuthFile g+r? */ int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to * circuits itself (0), or does it expect a controller * to cope? (1) */ |