[tor-commits] [tor/master] Make HiddenServiceDirGroupReadable per-hidden-service

nickm at torproject.org nickm at torproject.org
Wed Nov 5 19:19:18 UTC 2014


commit 7caf7e9f2a26dfb425dab761b4b41a38d96db0af
Author: meejah <meejah at meejah.ca>
Date:   Sat Aug 30 15:14:51 2014 -0600

    Make HiddenServiceDirGroupReadable per-hidden-service
---
 src/or/config.c      |    2 +-
 src/or/rendservice.c |   17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index 97b3601..847ae16 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -271,8 +271,8 @@ static config_var_t option_vars_[] = {
   V(AccelDir,                    FILENAME, NULL),
   V(HashedControlPassword,       LINELIST, NULL),
   V(HidServDirectoryV2,          BOOL,     "1"),
-  V(HiddenServiceDirGroupReadable,  BOOL,     "0"),
   VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
+  VAR("HiddenServiceDirGroupReadable",  LINELIST_S, RendConfigLines, NULL),
   OBSOLETE("HiddenServiceExcludeNodes"),
   OBSOLETE("HiddenServiceNodes"),
   VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
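Review bot: Moving `HiddenServiceDirGroupReadable` from a global `BOOL` to a `LINELIST_S` under `RendConfigLines` changes what an existing torrc means, and the diffstat shows no documentation change alongside it. As far as the parser code in `rendservice.c` shows, a single line that used to cover every hidden service now applies only to the service being configured when the line is read. Other services then keep owner-only permissions, which fails closed but breaks any group member that was reading their hostname files. The man page entry and a changes file should say so, for example `This option must follow the HiddenServiceDir line of the service it applies to.`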
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 456b548..a1d572e 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -95,6 +95,7 @@ typedef struct rend_service_port_config_t {
 typedef struct rend_service_t {
   /* Fields specified in config file */
   char *directory; /**< where in the filesystem it stores it */
+  int dir_group_readable; /**< if 1, allow group read permissions on directory */
   smartlist_t *ports; /**< List of rend_service_port_config_t */
   rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client
                                * authorization is performed. */
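Review bot: The comment on `dir_group_readable` understates what the flag controls, because `rend_service_load_keys` also uses it to chmod the hostname file to 0640, not only the directory to 0750. I would document both, for example `/**< If 1, make the service directory (0750) and its hostname file (0640) group-readable. */`. The struct definition continues outside this hunk, so I cannot see whether neighbouring boolean fields are plain `int` or bitfields; match whichever convention the struct already uses.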
@@ -359,6 +360,7 @@ rend_config_services(const or_options_t *options, int validate_only)
   rend_service_t *service = NULL;
   rend_service_port_config_t *portcfg;
   smartlist_t *old_service_list = NULL;
+  int ok = 0;
 
   if (!validate_only) {
     old_service_list = rend_service_list;
@@ -393,6 +395,15 @@ rend_config_services(const or_options_t *options, int validate_only)
         return -1;
       }
       smartlist_add(service->ports, portcfg);
+    } else if (!strcasecmp(line->key, "HiddenServiceDirGroupReadable")) {
+        service->dir_group_readable = (int)tor_parse_long(line->value, 10, 0, 1, &ok, NULL);
+        if (!ok) {
+            log_warn(LD_CONFIG, "HiddenServiceDirGroupReadable should be 0 or 1, not %s",
+                     line->value);
+            rend_service_free(service);
+            return -1;
+        }
+        log_info(LD_CONFIG, "HiddenServiceDirGroupReadable=%d for %s", service->dir_group_readable, service->directory);
     } else if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) {
       /* Parse auth type and comma-separated list of client names and add a
        * rend_authorized_client_t for each client to the service's list
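Review bot: The new `HiddenServiceDirGroupReadable` branch writes through `service` with no check visible in this hunk that a `HiddenServiceDir` line has already been seen. Because the option used to be global, existing configs may place it before the first service, so confirm that the guard for `service == NULL` sits above this `else if` chain; `rend_config_services` starts and continues outside the hunk. Separately, the block is indented by 8 and 12 spaces where the surrounding code uses 2-space steps, and three lines run past 80 columns. Re-indent it and wrap the calls, for example `service->dir_group_readable =` followed on the next line by `(int)tor_parse_long(line->value, 10, 0, 1, &ok, NULL);`.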
@@ -696,7 +707,7 @@ rend_service_load_keys(rend_service_t *s)
   char buf[128];
   cpd_check_t  check_opts = CPD_CREATE;
 
-  if (get_options()->HiddenServiceDirGroupReadable) {
+  if (s->dir_group_readable) {
     check_opts |= CPD_GROUP_READ;
   }
   /* Check/create directory */
@@ -704,7 +715,7 @@ rend_service_load_keys(rend_service_t *s)
     return -1;
   }
 #ifndef _WIN32
-  if (get_options()->HiddenServiceDirGroupReadable) {
+  if (s->dir_group_readable) {
     /* Only new dirs created get new opts, also enforce group read. */
     if (chmod(s->directory, 0750)) {
       log_warn(LD_FS,"Unable to make %s group-readable.", s->directory);
@@ -748,7 +759,7 @@ rend_service_load_keys(rend_service_t *s)
     return -1;
   }
 #ifndef _WIN32
-  if (get_options()->HiddenServiceDirGroupReadable) {
+  if (s->dir_group_readable) {
     /* Also verify hostname file created with group read. */
     if (chmod(fname, 0640)) {
       log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", fname);




