author | Nick Mathewson <nickm@torproject.org> | 2014-05-22 20:39:10 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-05-22 20:39:10 -0400 |
commit | cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f (patch) | |
tree | 7d0c0b49612a79875133fbf509410875d5d3427b /src | |
parent | 85f49abfbe50d29e4314ed0a3b436f3b14162d00 (diff) | |
download | tor-cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f.tar.gz tor-cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f.zip |
sandbox: allow reading of hidden service configuration files.
fixes part of 12064
Diffstat (limited to 'src')
-rw-r--r-- | src/or/main.c | 11 | ||||
-rw-r--r-- | src/or/rendservice.c | 25 | ||||
-rw-r--r-- | src/or/rendservice.h | 1 |
3 files changed, 32 insertions, 5 deletions
diff --git a/src/or/main.c b/src/or/main.c
index ba462dcc49..1c855d5279 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2829,13 +2829,14 @@ sandbox_init_filter(void)
 );
 {
- smartlist_t *logfiles = smartlist_new();
- tor_log_get_logfile_names(logfiles);
- SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+ smartlist_t *files = smartlist_new();
+ tor_log_get_logfile_names(files);
+ rend_services_add_filenames_to_list(files);
+ SMARTLIST_FOREACH(files, char *, file_name, {
 /* steals reference */
- sandbox_cfg_allow_open_filename(&cfg, logfile_name);
+ sandbox_cfg_allow_open_filename(&cfg, file_name);
 });
- smartlist_free(logfiles);
+ smartlist_free(files);
 }
 {
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 5a81d07856..631e2a0f2e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -656,6 +656,31 @@ rend_service_load_all_keys(void)
 return 0;
 }
+/** Add to <b>lst</b> every filename used by <b>s</b>. */
+static void
+rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
+{
+ tor_assert(lst);
+ tor_assert(s);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"client_keys",
+ s->directory);
+}
+
+/** Add to <b>lst</b> every filename used by a configured hidden service */
+void
+rend_services_add_filenames_to_list(smartlist_t *lst)
+{
+ if (!rend_service_list)
+ return;
+ SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
+ rend_service_add_filenames_to_list(lst, s);
+ } SMARTLIST_FOREACH_END(s);
+}
+
 /** Load and/or generate private keys for the hidden service <b>s</b>,
 * possibly including keys for client authorization. Return 0 on success, -1
 * on failure. */
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 4a810eb521..e8a953665b 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
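Review bot: The result of `sandbox_cfg_allow_open_filename(&cfg, file_name)` is discarded inside the loop, and the list it walks now carries hidden-service key paths as well as log files. If that call can report failure (its declaration is not visible here), a path that was never registered would only surface later as a denied open of `private_key` or `hostname` under the sandbox, which is hard to trace back to this block. Consider checking the result and logging the file name, and widening the comment to `/* steals reference; covers log files and hidden-service files known at filter-init time */`. The enclosing sandbox_init_filter() starts and ends outside the hunk.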
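Review bot: rend_service_add_filenames_to_list() registers only the three final paths `private_key`, `hostname` and `client_keys`, so the sandbox allow-list built from it matches nothing else under `s->directory`. If the service code writes these files through a temporary name followed by a rename, or opens the directory itself, those accesses would presumably still be denied; the commit message says this fixes only part of the issue, so a comment naming what is intentionally left out would help. The doc comments should also state that each entry is a newly allocated string handed to `lst`, and that rend_services_add_filenames_to_list() silently adds nothing when `rend_service_list` is NULL, for example `/** Add to <b>lst</b> a newly allocated copy of every filename used by a configured hidden service; no-op if no services are configured. */`.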
@@ -71,6 +71,7 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
+void rend_services_add_filenames_to_list(smartlist_t *lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void); |