[or-cvs] r11141: Implement CookieAuthFile and CookieAuthFileGroupReadable. Ba (in tor/trunk: . doc src/or)

nickm at seul.org nickm at seul.org
Thu Aug 16 17:46:01 UTC 2007


Author: nickm
Date: 2007-08-16 13:46:01 -0400 (Thu, 16 Aug 2007)
New Revision: 11141

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/tor.1.in
   tor/trunk/src/or/config.c
   tor/trunk/src/or/control.c
   tor/trunk/src/or/or.h
Log:
 r14606 at catbus:  nickm | 2007-08-16 13:45:01 -0400
 Implement CookieAuthFile and CookieAuthFileGroupReadable.  Backport candidate.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14606] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-08-16 17:34:58 UTC (rev 11140)
+++ tor/trunk/ChangeLog	2007-08-16 17:46:01 UTC (rev 11141)
@@ -31,6 +31,8 @@
       before any authentication has been received.  It tells a controller
       what kind of authentication is expected, and what protocol is spoken.
       Implements proposal 119.
+    - Implement options to allow the controller to pick a new location for
+      the cookie authentication file, and to make it group-readable.
 
   o Minor bugfixes (other):
     - If we require CookieAuthentication but we fail to write the

Modified: tor/trunk/doc/tor.1.in
===================================================================
--- tor/trunk/doc/tor.1.in	2007-08-16 17:34:58 UTC (rev 11140)
+++ tor/trunk/doc/tor.1.in	2007-08-16 17:46:01 UTC (rev 11141)
@@ -170,6 +170,19 @@
 security. (Default: 0)
 .LP
 .TP
+\fBCookieAuthFile \fR\fIPath\fP
+If set, this option overrides the default location and file name for Tor's
+cookie file.  (See CookieAuthentication above.)
+.LP
+.TP
+\fBCookieAuthFileGroupReadable \fR\fB0\fR|\fB1\R|\fIGroupName\fP
+If this option is set to 0, don't allow the filesystem group to read
+the cookie file.  If the option is set to 1, make the cookie file
+readable by the default GID.  [Making the file readable by other
+groups is not yet implemented; let us know if you need this for some
+reason.]  (Default: 0).
+.LP
+.TP
 \fBDataDirectory \fR\fIDIR\fP
 Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
 .LP

Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c	2007-08-16 17:34:58 UTC (rev 11140)
+++ tor/trunk/src/or/config.c	2007-08-16 17:46:01 UTC (rev 11141)
@@ -152,6 +152,9 @@
   VAR("ControlPort",         UINT,     ControlPort,          "0"),
   VAR("ControlSocket",       LINELIST, ControlSocket,        NULL),
   VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),
+  VAR("CookieAuthFileGroupReadable",BOOL,  CookieAuthFileGroupReadable, "0"),
+  VAR("CookieAuthFile",      STRING,   CookieAuthFile,       "0"),
+  VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),
   VAR("DataDirectory",       STRING,   DataDirectory,        NULL),
   OBSOLETE("DebugLogFile"),
   VAR("DirAllowPrivateAddresses",BOOL, DirAllowPrivateAddresses, NULL),
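Review bot: The new `CookieAuthFile` entry is given the default `"0"`, a non-empty string, so the `options->CookieAuthFile && strlen(options->CookieAuthFile)` test this commit adds to get_cookie_file() in control.c would appear to succeed even when the option is unset. In that case the control-port cookie would be written to a file literally named `0` instead of under DataDirectory. The neighbouring STRING entry `DataDirectory` uses `NULL` as its default, and this line should do the same: `VAR("CookieAuthFile",      STRING,   CookieAuthFile,       NULL),`. The hunk also adds a second `VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),` line that duplicates the existing entry three lines above it; the added copy should be dropped. The option table itself starts and ends outside the hunk.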

Modified: tor/trunk/src/or/control.c
===================================================================
--- tor/trunk/src/or/control.c	2007-08-16 17:34:58 UTC (rev 11140)
+++ tor/trunk/src/or/control.c	2007-08-16 17:46:01 UTC (rev 11141)
@@ -3434,11 +3434,16 @@
 static char *
 get_cookie_file(void)
 {
-  const char *datadir = get_options()->DataDirectory;
-  size_t len = strlen(datadir)+64;
-  char *fname = tor_malloc(len);
-  tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
-  return fname;
+  or_options_t *options = get_options();
+  if (options->CookieAuthFile && strlen(options->CookieAuthFile)) {
+    return tor_strdup(options->CookieAuthFile);
+  } else {
+    const char *datadir = get_options()->DataDirectory;
+    size_t len = strlen(datadir)+64;
+    char *fname = tor_malloc(len);
+    tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
+    return fname;
+  }
 }
 
 /** Choose a random authentication cookie and write it to disk.
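Review bot: In get_cookie_file() the configured `CookieAuthFile` value is returned verbatim through `tor_strdup()`, so a relative path is resolved against whatever the process's working directory is when the caller opens it, and nothing in the hunk states that. Because this file holds the control-port authentication secret, either document the contract on the function, e.g. `/** Return a newly allocated string holding the cookie file's path: CookieAuthFile if set and non-empty, else DataDirectory/control_auth_cookie. A relative CookieAuthFile is used as given. */`, or reject relative paths when the option is validated. Separately, the else branch calls `get_options()` again although `options` is already in hand; `const char *datadir = options->DataDirectory;` reads more directly. Any existing comment above the function is outside the hunk.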
@@ -3469,6 +3474,13 @@
     tor_free(fname);
     return -1;
   }
+#ifndef MS_WINDOWS
+  if (get_options()->CookieAuthFileGroupReadable) {
+    if (chmod(fname, 0640)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
+    }
+  }
+#endif
 
   tor_free(fname);
   return 0;
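Review bot: The added block only ever loosens the file mode: when `CookieAuthFileGroupReadable` is 0, nothing resets the cookie file to owner-only. A file that already exists as 0640 from an earlier run with the option on may therefore stay group-readable after the option is turned off; this depends on how the write above creates the file, which is outside the hunk. Consider an explicit else branch, e.g. `} else if (chmod(fname, 0600)) {` with a matching warning, so the on-disk mode always follows the current setting. The warning would also be easier to act on if it reported the cause, e.g. `log_warn(LD_FS,"Unable to make %s group-readable: %s", escaped(fname), strerror(errno));`. The enclosing function starts and ends outside the hunk.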

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2007-08-16 17:34:58 UTC (rev 11140)
+++ tor/trunk/src/or/or.h	2007-08-16 17:46:01 UTC (rev 11141)
@@ -2022,6 +2022,8 @@
                                 * the control system. */
   int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
                              * the control system? */
+  char *CookieAuthFile; /**< Location of a cookie authentication file. */
+  int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
                           * circuits itself (0), or does it expect a controller
                           * to cope? (1) */
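Review bot: The comment on `CookieAuthFile` does not say what an unset value means, although get_cookie_file() in control.c treats NULL or an empty string as "fall back to control_auth_cookie in DataDirectory". Suggest `char *CookieAuthFile; /**< Location of the cookie authentication file; if NULL or empty, use control_auth_cookie in DataDirectory. */`. The `CookieAuthFileGroupReadable` comment could likewise note that the chmod in control.c is compiled out under `MS_WINDOWS`, so the option has no effect there. The struct definition starts and ends outside the hunk.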


