Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature. Fixes bug 12864, bugfix on
0.2.5.1-alpha.
Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
parent
d443658fad
commit
0808ed83f9
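--- a/changes/bug12864
+++ b/changes/bug12864
@@ -0,0 +1,7 @@
+o Minor bugfixes:
+- Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
+12864; bugfix on 0.2.5.1-alpha.
+
+o Minor features:
+- Add an ExtORPortCookieAuthFileGroupReadable option to make the
+cookie file for the ExtORPort g+r by default.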
@ -224,6 +224,13 @@ GENERAL OPTIONS
|
||||
for the Extended ORPort's cookie file -- the cookie file is needed
|
||||
for pluggable transports to communicate through the Extended ORPort.
|
||||
|
||||
[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
|
||||
If this option is set to 0, don't allow the filesystem group to read the
|
||||
Extende OR Port cookie file. If the option is set to 1, make the cookie
|
||||
file readable by the default GID. [Making the file readable by other
|
||||
groups is not yet implemented; let us know if you need this for some
|
||||
reason.] (Default: 0)
|
||||
|
||||
[[ConnLimit]] **ConnLimit** __NUM__::
|
||||
The minimum number of file descriptors that must be available to the Tor
|
||||
process before it will start. Tor will ask the OS for as many file
|
||||
|
@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
|
||||
V(ExtendAllowPrivateAddresses, BOOL, "0"),
|
||||
VPORT(ExtORPort, LINELIST, NULL),
|
||||
V(ExtORPortCookieAuthFile, STRING, NULL),
|
||||
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
|
||||
V(ExtraInfoStatistics, BOOL, "1"),
|
||||
V(FallbackDir, LINELIST, NULL),
|
||||
|
||||
@ -6828,7 +6829,7 @@ config_maybe_load_geoip_files_(const or_options_t *options,
|
||||
* <b>cookie_is_set_out</b> to True. */
|
||||
int
|
||||
init_cookie_authentication(const char *fname, const char *header,
|
||||
int cookie_len,
|
||||
int cookie_len, int group_readable,
|
||||
uint8_t **cookie_out, int *cookie_is_set_out)
|
||||
{
|
||||
char cookie_file_str_len = strlen(header) + cookie_len;
|
||||
@ -6861,6 +6862,14 @@ init_cookie_authentication(const char *fname, const char *header,
|
||||
goto done;
|
||||
}
|
||||
|
||||
#ifndef _WIN32
|
||||
if (group_readable) {
|
||||
if (chmod(fname, 0640)) {
|
||||
log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Success! */
|
||||
log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
|
||||
*cookie_is_set_out = 1;
|
||||
|
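Review bot: The new `chmod(fname, 0640)` acts on the path after the cookie has been written, and chmod() follows symlinks, so the mode is applied to whatever `fname` resolves to at that moment rather than to the file this function just created. That matters mostly when the cookie lives in a directory that members of the reading group can also write to; the write itself is outside this hunk, so whether it leaves a descriptor available for `fchmod()` cannot be seen here. At minimum I would document the assumption above the block, `/* chmod() follows symlinks; the directory holding fname must not be writable by the group we are granting read access to. */`, and include the cause in the warning: `log_warn(LD_FS, "Unable to make %s group-readable: %s", escaped(fname), strerror(errno));`. The body of init_cookie_authentication starts and ends outside the hunk.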
@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
|
||||
char *get_transport_bindaddr_from_config(const char *transport);
|
||||
|
||||
int init_cookie_authentication(const char *fname, const char *header,
|
||||
int cookie_len,
|
||||
int cookie_len, int group_readable,
|
||||
uint8_t **cookie_out, int *cookie_is_set_out);
|
||||
|
||||
or_options_t *options_new(void);
|
||||
|
@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
|
||||
fname = get_controller_cookie_file_name();
|
||||
retval = init_cookie_authentication(fname, "", /* no header */
|
||||
AUTHENTICATION_COOKIE_LEN,
|
||||
get_options()->CookieAuthFileGroupReadable,
|
||||
&authentication_cookie,
|
||||
&authentication_cookie_is_set);
|
||||
tor_free(fname);
|
||||
|
@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
|
||||
fname = get_ext_or_auth_cookie_file_name();
|
||||
retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
|
||||
EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
|
||||
get_options()->ExtORPortCookieAuthFileGroupReadable,
|
||||
&ext_or_auth_cookie,
|
||||
&ext_or_auth_cookie_is_set);
|
||||
tor_free(fname);
|
||||
|
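Review bot: The argument in the `cookie_len` position of this call is `EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN`, a header-length constant, on the context line just above the added `get_options()->ExtORPortCookieAuthFileGroupReadable` argument. Neither constant's value is visible on this page, so this may be harmless if the header and the cookie happen to have the same length. The callee names the parameter `cookie_len` and adds it to `strlen(header)` in a variable declared `char`, so a mismatch or a larger value would go unnoticed. Since the commit touches this call anyway, I would pass the cookie-length constant here, or add a comment such as `/* header and cookie lengths are equal by design */` if that is the intent. init_ext_or_cookie_authentication continues outside the hunk.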
@ -3801,6 +3801,8 @@ typedef struct {
|
||||
char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
|
||||
* ORPort authentication cookie. */
|
||||
int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
|
||||
int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
|
||||
* ExtORPortCookieAuthFile g+r? */
|
||||
int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
|
||||
* circuits itself (0), or does it expect a controller
|
||||
* to cope? (1) */
|
||||
|