From cfd0ee514c279bc6c7b7c299e001693a5aeb1f5f Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 22 May 2014 20:39:10 -0400
Subject: sandbox: allow reading of hidden service configuration files. fixes part of 12064
---
 src/or/main.c | 11 ++++++-----
 src/or/rendservice.c | 25 +++++++++++++++++++++++++
 src/or/rendservice.h | 1 +
 3 files changed, 32 insertions(+), 5 deletions(-) (limited to 'src/or')
diff --git a/src/or/main.c b/src/or/main.c
index ba462dcc49..1c855d5279 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2829,13 +2829,14 @@ sandbox_init_filter(void)
 );
 {
- smartlist_t *logfiles = smartlist_new();
- tor_log_get_logfile_names(logfiles);
- SMARTLIST_FOREACH(logfiles, char *, logfile_name, {
+ smartlist_t *files = smartlist_new();
+ tor_log_get_logfile_names(files);
+ rend_services_add_filenames_to_list(files);
+ SMARTLIST_FOREACH(files, char *, file_name, {
 /* steals reference */
- sandbox_cfg_allow_open_filename(&cfg, logfile_name);
+ sandbox_cfg_allow_open_filename(&cfg, file_name);
 });
- smartlist_free(logfiles);
+ smartlist_free(files);
 }
 {
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 5a81d07856..631e2a0f2e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
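Review bot: In sandbox_init_filter() (src/or/main.c) the hidden-service paths are gathered only once, while the filter is being built, and `rend_services_add_filenames_to_list(files)` adds nothing and logs nothing when no service list exists yet (the `if (!rend_service_list) return;` guard in rendservice.c). The allowlist therefore depends on hidden services having been configured before this block runs, and a service directory added by a later configuration reload would presumably not be openable under the sandbox. I would record that next to the call, e.g. `/* Hidden-service files: only services configured before the sandbox is installed are covered. */`. The result of `sandbox_cfg_allow_open_filename(&cfg, file_name)` is also discarded; if that call can fail, a path missing from the allowlist will only surface later as a denied open. The function body starts and ends outside this hunk.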
@@ -656,6 +656,31 @@ rend_service_load_all_keys(void)
 return 0;
 }
+/** Add to lst every filename used by s. */
+static void
+rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
+{
+ tor_assert(lst);
+ tor_assert(s);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"private_key",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"hostname",
+ s->directory);
+ smartlist_add_asprintf(lst, "%s"PATH_SEPARATOR"client_keys",
+ s->directory);
+}
+
+/** Add to lst every filename used by a configured hidden service */
+void
+rend_services_add_filenames_to_list(smartlist_t *lst)
+{
+ if (!rend_service_list)
+ return;
+ SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
+ rend_service_add_filenames_to_list(lst, s);
+ } SMARTLIST_FOREACH_END(s);
+}
+
 /** Load and/or generate private keys for the hidden service s,
 * possibly including keys for client authorization. Return 0 on success, -1
 * on failure. */
diff --git a/src/or/rendservice.h b/src/or/rendservice.h
index 4a810eb521..e8a953665b 100644
--- a/src/or/rendservice.h
+++ b/src/or/rendservice.h
@@ -71,6 +71,7 @@ struct rend_intro_cell_s {
 int num_rend_services(void);
 int rend_config_services(const or_options_t *options, int validate_only);
 int rend_service_load_all_keys(void);
+void rend_services_add_filenames_to_list(smartlist_t *lst);
 void rend_services_introduce(void);
 void rend_consider_services_upload(time_t now);
 void rend_hsdir_routers_changed(void);
-- cgit v1.2.3-54-g00ecf
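Review bot: The three file names in rend_service_add_filenames_to_list() (`private_key`, `hostname`, `client_keys`) are string literals that duplicate whatever the key-loading code outside this hunk uses, so the sandbox allowlist and the real open() calls can drift apart with no compile-time signal. If the sandbox matches paths by exact string, as the caller's use of `sandbox_cfg_allow_open_filename` suggests, a different separator, a trailing slash in `s->directory`, or a temporary name used while writing these files would be denied at runtime. Consider building each path through one helper shared by the loader and this function, and extending the doc comment to something like `/** Add to lst a newly allocated copy of every filename used by s; the caller owns the strings. Keep in sync with the paths opened when loading keys. */`. `s->directory` is also passed to `%s` unchecked; a `tor_assert(s->directory);` beside the existing asserts would make that precondition explicit.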