Commit 967b4e7c authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Merge remote-tracking branch 'asn/nickm-bug12864_025' into maint-0.2.5

parents 0cb028b7 112c984f
Loading
Loading
Loading
Loading

changes/bug12864

0 → 100644
+7 −0
Original line number Diff line number Diff line
  o Minor bugfixes:
    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
      12864; bugfix on 0.2.5.1-alpha.

  o Minor features:
    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
      cookie file for the ExtORPort g+r by default.
+8 −1
Original line number Diff line number Diff line
@@ -224,6 +224,13 @@ GENERAL OPTIONS
    for the Extended ORPort's cookie file -- the cookie file is needed
    for pluggable transports to communicate through the Extended ORPort.

[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
    If this option is set to 0, don't allow the filesystem group to read the
    Extended OR Port cookie file. If the option is set to 1, make the cookie
    file readable by the default GID. [Making the file readable by other
    groups is not yet implemented; let us know if you need this for some
    reason.] (Default: 0)

[[ConnLimit]] **ConnLimit** __NUM__::
    The minimum number of file descriptors that must be available to the Tor
    process before it will start. Tor will ask the OS for as many file
@@ -312,7 +319,7 @@ GENERAL OPTIONS
    If set, this option overrides the default location and file name
    for Tor's cookie file. (See CookieAuthentication above.)

[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**|__Groupname__::
[[CookieAuthFileGroupReadable]] **CookieAuthFileGroupReadable** **0**|**1**::
    If this option is set to 0, don't allow the filesystem group to read the
    cookie file. If the option is set to 1, make the cookie file readable by
    the default GID. [Making the file readable by other groups is not yet
+13 −1
Original line number Diff line number Diff line
@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  VPORT(ExtORPort,               LINELIST, NULL),
  V(ExtORPortCookieAuthFile,     STRING,   NULL),
  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

@@ -6824,11 +6825,14 @@ config_maybe_load_geoip_files_(const or_options_t *options,
 *  in <b>cookie_out</b>.
 *  Then write it down to <b>fname</b> and prepend it with <b>header</b>.
 *
 *  If <b>group_readable</b> is set, set <b>fname</b> to be readable
 *  by the default GID.
 *
 *  If the whole procedure was successful, set
 *  <b>cookie_is_set_out</b> to True. */
int
init_cookie_authentication(const char *fname, const char *header,
                           int cookie_len,
                           int cookie_len, int group_readable,
                           uint8_t **cookie_out, int *cookie_is_set_out)
{
  char cookie_file_str_len = strlen(header) + cookie_len;
@@ -6861,6 +6865,14 @@ init_cookie_authentication(const char *fname, const char *header,
    goto done;
  }

#ifndef _WIN32
  if (group_readable) {
    if (chmod(fname, 0640)) {
      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
    }
  }
#endif

  /* Success! */
  log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
  *cookie_is_set_out = 1;
+1 −1
Original line number Diff line number Diff line
@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
char *get_transport_bindaddr_from_config(const char *transport);

int init_cookie_authentication(const char *fname, const char *header,
                               int cookie_len,
                               int cookie_len, int group_readable,
                               uint8_t **cookie_out, int *cookie_is_set_out);

or_options_t *options_new(void);
+1 −0
Original line number Diff line number Diff line
@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
  fname = get_controller_cookie_file_name();
  retval = init_cookie_authentication(fname, "", /* no header */
                                      AUTHENTICATION_COOKIE_LEN,
                                   get_options()->CookieAuthFileGroupReadable,
                                      &authentication_cookie,
                                      &authentication_cookie_is_set);
  tor_free(fname);
Loading