From 7caf7e9f2a26dfb425dab761b4b41a38d96db0af Mon Sep 17 00:00:00 2001 From: meejah Date: Sat, 30 Aug 2014 15:14:51 -0600 Subject: [PATCH] Make HiddenServiceDirGroupReadable per-hidden-service --- src/or/config.c | 2 +- src/or/rendservice.c | 17 ++++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 97b3601706..847ae162ed 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -271,8 +271,8 @@ static config_var_t option_vars_[] = { V(AccelDir, FILENAME, NULL), V(HashedControlPassword, LINELIST, NULL), V(HidServDirectoryV2, BOOL, "1"), - V(HiddenServiceDirGroupReadable, BOOL, "0"), VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL), OBSOLETE("HiddenServiceExcludeNodes"), OBSOLETE("HiddenServiceNodes"), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 456b548715..a1d572e1ac 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -95,6 +95,7 @@ typedef struct rend_service_port_config_t { typedef struct rend_service_t { /* Fields specified in config file */ char *directory; /**< where in the filesystem it stores it */ + int dir_group_readable; /**< if 1, allow group read permissions on directory */ smartlist_t *ports; /**< List of rend_service_port_config_t */ rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client * authorization is performed. */ @@ -359,6 +360,7 @@ rend_config_services(const or_options_t *options, int validate_only) rend_service_t *service = NULL; rend_service_port_config_t *portcfg; smartlist_t *old_service_list = NULL; + int ok = 0; if (!validate_only) { old_service_list = rend_service_list; @@ -393,6 +395,15 @@ rend_config_services(const or_options_t *options, int validate_only) return -1; } smartlist_add(service->ports, portcfg); + } else if (!strcasecmp(line->key, "HiddenServiceDirGroupReadable")) { + service->dir_group_readable = (int)tor_parse_long(line->value, 10, 0, 1, &ok, NULL); + if (!ok) { + log_warn(LD_CONFIG, "HiddenServiceDirGroupReadable should be 0 or 1, not %s", + line->value); + rend_service_free(service); + return -1; + } + log_info(LD_CONFIG, "HiddenServiceDirGroupReadable=%d for %s", service->dir_group_readable, service->directory); } else if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) { /* Parse auth type and comma-separated list of client names and add a * rend_authorized_client_t for each client to the service's list @@ -696,7 +707,7 @@ rend_service_load_keys(rend_service_t *s) char buf[128]; cpd_check_t check_opts = CPD_CREATE; - if (get_options()->HiddenServiceDirGroupReadable) { + if (s->dir_group_readable) { check_opts |= CPD_GROUP_READ; } /* Check/create directory */ @@ -704,7 +715,7 @@ rend_service_load_keys(rend_service_t *s) return -1; } #ifndef _WIN32 - if (get_options()->HiddenServiceDirGroupReadable) { + if (s->dir_group_readable) { /* Only new dirs created get new opts, also enforce group read. */ if (chmod(s->directory, 0750)) { log_warn(LD_FS,"Unable to make %s group-readable.", s->directory); @@ -748,7 +759,7 @@ rend_service_load_keys(rend_service_t *s) return -1; } #ifndef _WIN32 - if (get_options()->HiddenServiceDirGroupReadable) { + if (s->dir_group_readable) { /* Also verify hostname file created with group read. */ if (chmod(fname, 0640)) { log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", fname);