svn:r685

plus general cleanup on switch_id()


svn:r684

svn:r683

svn:r682

svn:r681

svn:r680

svn:r679

svn:r678

svn:r677

svn:r676

svn:r675

exit if bind fails
add usage printfs
rearrange config options for readability


svn:r674

svn:r673

svn:r672

svn:r671

svn:r670

somebody please go turn this into a section


svn:r669

svn:r668

svn:r667

(thanks cherub)


svn:r666

svn:r665

svn:r664

The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often.  In
fact, we never rotate our TLS keys.

This patch fixes the situation in 2 ways:
   1. It bumps the default lifetime back up to one year until we get
      rotation in place.
   2. It changes tor_tls_context_new() so that it doesn't leak memory
      when you call it more than once.


svn:r663

svn:r662

svn:r661

more questions.


svn:r660

Windows, since we don't know whether it's the user or the group that
was set.


svn:r659

Allow some slop (currently 3 minutes) when checking certificate validity.

Change certificate lifetime from 1 year to 2 days.  Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.

Have directories reject descriptors published too far in the future
(currently 30 minutes).  If dirservs don't do this:
    0) Today is January 1, 2000.
    1) A very skewed server publishes descriptor X with a declared
       publication time of August 1, 2000.
    2) The directory includes X.
    3) Because of certificate lifetime issues, nobody can use the
       skewed server.
    4) The server fixes its skew, and goes to republish a new descriptor Y
       with publication time of January 1, 2000.
    5) But because the directory already has a "more recent" descriptor X,
       it rejects descriptor "Y" as superseded!

This patch should make step 2 go away.


svn:r658

svn:r657

  setuid, because after we setuid we don't have the priviledges we
  need to setgid anymore, duh.  merged switch_user() and
  switch_group() into switch_id(), since that code has to be wound
  together.

- return -1 from switch_id() if it's not defined to do anything else.

- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
  util.c


svn:r656

maybe more robust now


svn:r655

svn:r654

move default exit policy into config files


svn:r653

setuid and setgid respectively, and die if it can't.

(If the User option is set, tor will setgid to the user's gid as well.)

This happens after the pidfile is created, so that in cases where tor
needs to be root to work with the pidfile, it will at least be able to
create it, although it won't be able to delete it.  That sucks, but
it's somewhat better than not being able to create the pidfile in the
first place.


svn:r652

svn:r651

so he gets the permissions right.

also this means clients will never need to make the datadirectory.

also remind the admin to fix his clock before setting up his node.


svn:r650

svn:r649

svn:r648

svn:r647

svn:r646