Diffstat (limited to 'src')
-rw-r--r-- | src/common/util.c | 9 | ||||
-rw-r--r-- | src/common/util.h | 2 | ||||
-rw-r--r-- | src/or/or.h | 3 | ||||
-rw-r--r-- | src/or/rendservice.c | 22 | ||||
-rw-r--r-- | src/test/test_checkdir.c | 6 |
5 files changed, 22 insertions, 20 deletions
diff --git a/src/common/util.c b/src/common/util.c index 0323264494..c5b47b13f8 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1873,10 +1873,11 @@ file_status(const char *fname) * return -1. If CPD_GROUP_OK is set, then it's okay if the directory * is group-readable, but in all cases we create the directory mode 0700. * If CPD_GROUP_READ is set, existing directory behaves as CPD_GROUP_OK and - * if the directory is created it will use mode 0750 with group read permission. - * Group read privileges also assume execute permission as norm for directories. - * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions - * if they are too permissive: we just return -1. + * if the directory is created it will use mode 0750 with group read + * permission. Group read privileges also assume execute permission + * as norm for directories. If CPD_CHECK_MODE_ONLY is set, then we don't + * alter the directory permissions if they are too permissive: + * we just return -1. * When effective_user is not NULL, check permissions against the given user * and its primary group. */ diff --git a/src/common/util.h b/src/common/util.h index 755ef4b82a..30dc22852e 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -345,7 +345,7 @@ typedef unsigned int cpd_check_t; #define CPD_CHECK 2 #define CPD_GROUP_OK 4 #define CPD_GROUP_READ 8 -#define CPD_CHECK_MODE_ONLY 16 +#define CPD_CHECK_MODE_ONLY 16 int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user); diff --git a/src/or/or.h b/src/or/or.h index 1544b70996..33a582ba7e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4224,7 +4224,8 @@ typedef struct { /** Should we send the timestamps that pre-023 hidden services want? */ int Support022HiddenServices; - /** Create the Hidden Service directories and hostname files group readable. */ + /** Create the Hidden Service directories + and hostname files group readable. */ int HiddenServiceDirGroupReadable; } or_options_t; 
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index a1d572e1ac..75080cbe94 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -95,7 +95,8 @@ typedef struct rend_service_port_config_t { typedef struct rend_service_t { /* Fields specified in config file */ char *directory; /**< where in the filesystem it stores it */ - int dir_group_readable; /**< if 1, allow group read permissions on directory */ + int dir_group_readable; /**< if 1, allow group read + permissions on directory */ smartlist_t *ports; /**< List of rend_service_port_config_t */ rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client * authorization is performed. */ @@ -395,15 +396,20 @@ rend_config_services(const or_options_t *options, int validate_only) return -1; } smartlist_add(service->ports, portcfg); - } else if (!strcasecmp(line->key, "HiddenServiceDirGroupReadable")) { - service->dir_group_readable = (int)tor_parse_long(line->value, 10, 0, 1, &ok, NULL); + } else if (!strcasecmp(line->key, + "HiddenServiceDirGroupReadable")) { + service->dir_group_readable = (int)tor_parse_long(line->value, + 10, 0, 1, &ok, NULL); if (!ok) { - log_warn(LD_CONFIG, "HiddenServiceDirGroupReadable should be 0 or 1, not %s", + log_warn(LD_CONFIG, + "HiddenServiceDirGroupReadable should be 0 or 1, not %s", line->value); rend_service_free(service); return -1; } - log_info(LD_CONFIG, "HiddenServiceDirGroupReadable=%d for %s", service->dir_group_readable, service->directory); + log_info(LD_CONFIG, + "HiddenServiceDirGroupReadable=%d for %s", + service->dir_group_readable, service->directory); } else if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) { /* Parse auth type and comma-separated list of client names and add a * rend_authorized_client_t for each client to the service's list 
@@ -761,9 +767,9 @@ rend_service_load_keys(rend_service_t *s) #ifndef _WIN32 if (s->dir_group_readable) { /* Also verify hostname file created with group read. */ - if (chmod(fname, 0640)) { - log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", fname); - } + if (chmod(fname, 0640)) + log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", + fname); } #endif diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c index 59c1783978..1580e6271d 100644 --- a/src/test/test_checkdir.c +++ b/src/test/test_checkdir.c @@ -43,7 +43,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: create new dir, CPD_GROUP_READ option set. */ testdir = get_datadir_fname("checkdir_new_groupread"); cpd_chkopts = CPD_CREATE|CPD_GROUP_READ; @@ -53,7 +52,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: check existing dir created with defaults, and verify with CPD_CREATE only. */ testdir = get_datadir_fname("checkdir_exists_none"); @@ -66,7 +64,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: check existing dir created with defaults, and verify with CPD_GROUP_OK option set. */ testdir = get_datadir_fname("checkdir_exists_groupok"); @@ -79,7 +76,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: check existing dir created with defaults, and verify with CPD_GROUP_READ option set. */ testdir = get_datadir_fname("checkdir_exists_groupread"); @@ -92,7 +88,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: check existing dir created with CPD_GROUP_READ, and verify with CPD_GROUP_OK option set. */ testdir = get_datadir_fname("checkdir_existsread_groupok"); 
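Review bot: Dropping the braces in rend_service_load_keys leaves a `log_warn(...)` call that spans two lines as the unbraced body of `if (chmod(fname, 0640))`, so a statement added later at the same indent would run unconditionally; keeping `if (chmod(fname, 0640)) {` and the closing `}` around the wrapped call avoids that and still satisfies the line-length check. The comment above it says "verify hostname file created with group read", but the code sets the mode rather than checking it, so something like `/* Make the hostname file group-readable as well. */` would be more accurate. The visible `if (s->dir_group_readable)` block has no else branch before `#endif`, so if the file already exists as 0640 and the option is later set to 0, nothing in this hunk tightens it back to owner-only; whether the file is recreated with a stricter mode happens outside the hunk and should be confirmed. The function's body begins and ends outside the hunk.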
@@ -105,7 +100,6 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); - /* test: check existing dir created with CPD_GROUP_READ, and verify with CPD_GROUP_READ option set. */ testdir = get_datadir_fname("checkdir_existsread_groupread"); |