mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold control sockets: if somebody says "ControlSocket ~/foo", it would be pretty rude to do a chmod 700 on their homedir.
This commit is contained in:
parent
3b6cbf2534
commit
5d147d8527
@ -1670,6 +1670,8 @@ file_status(const char *fname)
|
|||||||
* check&CPD_CHECK, and we think we can create it, return 0. Else
|
* check&CPD_CHECK, and we think we can create it, return 0. Else
|
||||||
* return -1. If CPD_GROUP_OK is set, then it's okay if the directory
|
* return -1. If CPD_GROUP_OK is set, then it's okay if the directory
|
||||||
* is group-readable, but in all cases we create the directory mode 0700.
|
* is group-readable, but in all cases we create the directory mode 0700.
|
||||||
|
* If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
|
||||||
|
* if they are too permissive: we just return -1.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
check_private_dir(const char *dirname, cpd_check_t check)
|
check_private_dir(const char *dirname, cpd_check_t check)
|
||||||
@ -1741,6 +1743,11 @@ check_private_dir(const char *dirname, cpd_check_t check)
|
|||||||
}
|
}
|
||||||
if (st.st_mode & mask) {
|
if (st.st_mode & mask) {
|
||||||
unsigned new_mode;
|
unsigned new_mode;
|
||||||
|
if (check & CPD_CHECK_MODE_ONLY) {
|
||||||
|
log_warn(LD_FS, "Permissions on directory %s are too permissive.",
|
||||||
|
dirname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
|
log_warn(LD_FS, "Fixing permissions on directory %s", dirname);
|
||||||
new_mode = st.st_mode;
|
new_mode = st.st_mode;
|
||||||
new_mode |= 0700; /* Owner should have rwx */
|
new_mode |= 0700; /* Owner should have rwx */
|
||||||
|
@ -291,6 +291,7 @@ typedef unsigned int cpd_check_t;
|
|||||||
#define CPD_CREATE 1
|
#define CPD_CREATE 1
|
||||||
#define CPD_CHECK 2
|
#define CPD_CHECK 2
|
||||||
#define CPD_GROUP_OK 4
|
#define CPD_GROUP_OK 4
|
||||||
|
#define CPD_CHECK_MODE_ONLY 8
|
||||||
int check_private_dir(const char *dirname, cpd_check_t check);
|
int check_private_dir(const char *dirname, cpd_check_t check);
|
||||||
#define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
|
#define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
|
||||||
#define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
|
#define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
|
||||||
|
Loading…
Reference in New Issue
Block a user