Commit 0808ed83 authored by Nick Mathewson 🤹

Restore functionality for CookieAuthFileGroupReadable.

When we merged the cookieauthfile creation logic in 33c3e60a, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
parent d443658f

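--- /dev/null
+++ b/changes/bug12864
@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
+      12864; bugfix on 0.2.5.1-alpha.
+
+  o Minor features:
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.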
+7 −0
@@ -224,6 +224,13 @@ GENERAL OPTIONS
    for the Extended ORPort's cookie file -- the cookie file is needed
    for pluggable transports to communicate through the Extended ORPort.

[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
    If this option is set to 0, don't allow the filesystem group to read the
    Extende OR Port cookie file. If the option is set to 1, make the cookie
    file readable by the default GID. [Making the file readable by other
    groups is not yet implemented; let us know if you need this for some
    reason.] (Default: 0)

[[ConnLimit]] **ConnLimit** __NUM__::
    The minimum number of file descriptors that must be available to the Tor
    process before it will start. Tor will ask the OS for as many file
+10 −1
@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  VPORT(ExtORPort,               LINELIST, NULL),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

@@ -6828,7 +6829,7 @@ config_maybe_load_geoip_files_(const or_options_t *options,
 *  <b>cookie_is_set_out</b> to True. */
int
init_cookie_authentication(const char *fname, const char *header,
                           int cookie_len,
                           int cookie_len, int group_readable,
                           uint8_t **cookie_out, int *cookie_is_set_out)
{
  char cookie_file_str_len = strlen(header) + cookie_len;
@@ -6861,6 +6862,14 @@ init_cookie_authentication(const char *fname, const char *header,
    goto done;
  }

#ifndef _WIN32
  if (group_readable) {
    if (chmod(fname, 0640)) {
      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
    }
  }
#endif

  /* Success! */
  log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
  *cookie_is_set_out = 1;
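Review bot: The new `chmod(fname, 0640)` block acts on the path after the cookie has already been written, so it applies to whatever `fname` resolves to at that moment and replaces the whole mode instead of only adding group-read. The write call sits outside this hunk; if it can create the file with the intended mode or hand back a descriptor for `fchmod`, the permission change would be tied to the file that was actually written. When the call fails the warning gives no cause, and `log_warn(LD_FS,"Unable to make %s group-readable: %s", escaped(fname), strerror(errno));` would let an operator tell a permissions problem from a missing file. In the earlier hunk of this file the context line `char cookie_file_str_len = strlen(header) + cookie_len;` keeps a length in a `char`, which looks too narrow for a `size_t` sum and is worth widening while the signature is being touched. The function body starts and ends outside both hunks.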
+1 −1
@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
char *get_transport_bindaddr_from_config(const char *transport);

int init_cookie_authentication(const char *fname, const char *header,
                               int cookie_len,
                               int cookie_len, int group_readable,
                               uint8_t **cookie_out, int *cookie_is_set_out);

or_options_t *options_new(void);
+1 −0
@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
  fname = get_controller_cookie_file_name();
  retval = init_cookie_authentication(fname, "", /* no header */
                                      AUTHENTICATION_COOKIE_LEN,
                                   get_options()->CookieAuthFileGroupReadable,
                                      &authentication_cookie,
                                      &authentication_cookie_is_set);
  tor_free(fname);
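Review bot: Only the control-port call site is updated in the hunks visible here, so nothing on this page shows `ExtORPortCookieAuthFileGroupReadable` being read after it is added to the option table. Since the prototype gained a positional `int`, the Extended ORPort caller presumably passes `get_options()->ExtORPortCookieAuthFileGroupReadable` in a section that did not load; confirm that, otherwise the new option is accepted but has no effect. A short comment at this call noting that group members who can read the file can authenticate to the control port would help readers of `init_control_cookie_authentication`, whose body continues outside the hunk.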