[tor-commits] [tor/master] Create a CacheDirectory and KeyDirectory options.

nickm at torproject.org nickm at torproject.org
Wed Dec 6 00:53:09 UTC 2017


commit a9806af2610904308642518990fc82c71d567d4a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Nov 14 17:07:40 2017 -0500

    Create a CacheDirectory and KeyDirectory options.
    
    They work the same as DataDirectory, but their defaults differ slightly.
    
    Tor is not actually updated to use them yet.
---
 src/or/config.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
 src/or/main.c   |  6 +++--
 src/or/or.h     | 11 +++++++++
 3 files changed, 81 insertions(+), 11 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index d149a144d..a5007d03f 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -253,6 +253,8 @@ static config_var_t option_vars_[] = {
   V(BridgeRecordUsageByCountry,  BOOL,     "1"),
   V(BridgeRelay,                 BOOL,     "0"),
   V(BridgeDistribution,          STRING,   NULL),
+  VAR("CacheDirectory",          FILENAME, CacheDirectory_option, NULL),
+  V(CacheDirectoryGroupReadable, BOOL,     "0"),
   V(CellStatistics,              BOOL,     "0"),
   V(PaddingStatistics,           BOOL,     "1"),
   V(LearnCircuitBuildTimeout,    BOOL,     "1"),
@@ -392,6 +394,8 @@ static config_var_t option_vars_[] = {
   V(Socks5Proxy,                 STRING,   NULL),
   V(Socks5ProxyUsername,         STRING,   NULL),
   V(Socks5ProxyPassword,         STRING,   NULL),
+  VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
+  V(KeyDirectoryGroupReadable,   BOOL,     "0"),
   V(KeepalivePeriod,             INTERVAL, "5 minutes"),
   V(KeepBindCapabilities,            AUTOBOOL, "auto"),
   VAR("Log",                     LINELIST, Logs,             NULL),
@@ -733,7 +737,7 @@ static int parse_ports(or_options_t *options, int validate_only,
 static int check_server_ports(const smartlist_t *ports,
                               const or_options_t *options,
                               int *num_low_ports_out);
-static int validate_data_directory(or_options_t *options);
+static int validate_data_directories(or_options_t *options);
 static int write_configuration_file(const char *fname,
                                     const or_options_t *options);
 static int options_init_logs(const or_options_t *old_options,
@@ -942,6 +946,8 @@ or_options_free(or_options_t *options)
     smartlist_free(options->FilesOpenedByIncludes);
   }
   tor_free(options->DataDirectory);
+  tor_free(options->CacheDirectory);
+  tor_free(options->KeyDirectory);
   tor_free(options->BridgePassword_AuthDigest_);
   tor_free(options->command_arg);
   tor_free(options->master_key_fname);
@@ -1305,13 +1311,11 @@ create_keys_directory(const or_options_t *options)
             options->DataDirectory);
     return -1;
   }
+
   /* Check the key directory. */
-  char *keydir = options_get_datadir_fname(options, "keys");
-  if (check_private_dir(keydir, CPD_CREATE, options->User)) {
-    tor_free(keydir);
+  if (check_private_dir(options->KeyDirectory, CPD_CREATE, options->User)) {
     return -1;
   }
-  tor_free(keydir);
   return 0;
 }
 
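Review bot: The key-directory check passes only `CPD_CREATE`, so it ignores KeyDirectoryGroupReadable, even though options_act_reversible in this same commit passes that flag to check_and_create_data_directory for the same path. If check_private_dir rejects or tightens group bits when no group flag is given (its body is not visible here), a KeyDirectory deliberately configured as group-readable would fail or be reset at this point. Either derive the flags from the option, e.g. `CPD_CREATE | (options->KeyDirectoryGroupReadable ? CPD_GROUP_READ : 0)`, or add a comment such as `/* Keys stay owner-only here regardless of KeyDirectoryGroupReadable. */` if strict permissions are intended. create_keys_directory begins outside the hunk.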
@@ -1479,6 +1483,20 @@ options_act_reversible(const or_options_t *old_options, char **msg)
                                       msg) < 0) {
     goto done;
   }
+  if (check_and_create_data_directory(running_tor /* create */,
+                                      options->KeyDirectory,
+                                      options->KeyDirectoryGroupReadable,
+                                      options->User,
+                                      msg) < 0) {
+    goto done;
+  }
+  if (check_and_create_data_directory(running_tor /* create */,
+                                      options->CacheDirectory,
+                                      options->CacheDirectoryGroupReadable,
+                                      options->User,
+                                      msg) < 0) {
+    goto done;
+  }
 
   /* Bail out at this point if we're not going to be a client or server:
    * we don't run Tor itself. */
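Review bot: When CacheDirectory is unset it defaults to a copy of DataDirectory (see validate_data_directories later in this diff), so the last call added here re-checks that same path with CacheDirectoryGroupReadable, whose default is "0". The call whose tail opens this hunk presumably handled DataDirectory with its own group flag. If check_and_create_data_directory enforces or rewrites the mode from that flag (its body is not shown), a configuration with DataDirectoryGroupReadable 1 and no CacheDirectory would fail here or have the group bits changed back. Consider skipping the call when the two paths are equal, or inheriting the flag: `options->CacheDirectory_option ? options->CacheDirectoryGroupReadable : options->DataDirectoryGroupReadable`. options_act_reversible continues outside the hunk.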
@@ -3240,7 +3258,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (parse_outbound_addresses(options, 1, msg) < 0)
     return -1;
 
-  if (validate_data_directory(options)<0)
+  if (validate_data_directories(options)<0)
     REJECT("Invalid DataDirectory");
 
   if (options->Nickname == NULL) {
@@ -4638,6 +4656,22 @@ options_transition_allowed(const or_options_t *old,
     return -1;
   }
 
+  if (!opt_streq(old->KeyDirectory, new_val->KeyDirectory)) {
+    tor_asprintf(msg,
+               "While Tor is running, changing KeyDirectory "
+               "(\"%s\"->\"%s\") is not allowed.",
+               old->KeyDirectory, new_val->KeyDirectory);
+    return -1;
+  }
+
+  if (!opt_streq(old->CacheDirectory, new_val->CacheDirectory)) {
+    tor_asprintf(msg,
+               "While Tor is running, changing CacheDirectory "
+               "(\"%s\"->\"%s\") is not allowed.",
+               old->CacheDirectory, new_val->CacheDirectory);
+    return -1;
+  }
+
   if (!opt_streq(old->User, new_val->User)) {
     *msg = tor_strdup("While Tor is running, changing User is not allowed.");
     return -1;
@@ -7774,10 +7808,10 @@ get_data_directory(const char *val)
 #endif /* defined(_WIN32) */
 }
 
-/** Check and normalize the value of options->DataDirectory; return 0 if it
- * is sane, -1 otherwise. */
+/** Check and normalize the values of options->{Key,Data,Cache}Directory;
+ * return 0 if it is sane, -1 otherwise. */
 static int
-validate_data_directory(or_options_t *options)
+validate_data_directories(or_options_t *options)
 {
   tor_free(options->DataDirectory);
   options->DataDirectory = get_data_directory(options->DataDirectory_option);
@@ -7787,6 +7821,29 @@ validate_data_directory(or_options_t *options)
     log_warn(LD_CONFIG, "DataDirectory is too long.");
     return -1;
   }
+
+  tor_free(options->KeyDirectory);
+  if (options->KeyDirectory_option) {
+    options->KeyDirectory = get_data_directory(options->KeyDirectory_option);
+    if (!options->KeyDirectory)
+      return -1;
+  } else {
+    /* Default to the data directory's keys subdir */
+    tor_asprintf(&options->KeyDirectory, "%s"PATH_SEPARATOR"keys",
+                 options->DataDirectory);
+  }
+
+  tor_free(options->CacheDirectory);
+  if (options->CacheDirectory_option) {
+    options->CacheDirectory = get_data_directory(
+                                             options->CacheDirectory_option);
+    if (!options->CacheDirectory)
+      return -1;
+  } else {
+    /* Default to the data directory. */
+    options->CacheDirectory = tor_strdup(options->DataDirectory);
+  }
+
   return 0;
 }
 
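Review bot: The new KeyDirectory and CacheDirectory branches return -1 without a log line of their own, and neither path gets the length check that DataDirectory gets just above (its condition is outside the hunk). Unless get_data_directory logs on failure, a bad value surfaces only as the caller's `REJECT("Invalid DataDirectory")` in options_validate, which names the wrong option. A warning before each return, e.g. `log_warn(LD_CONFIG, "KeyDirectory is invalid.");`, plus the same length limit on both new paths, would make the failure attributable. Widening the caller's message to name all three options would help too. The doc comment in the previous hunk should read "return 0 if they are sane".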
diff --git a/src/or/main.c b/src/or/main.c
index 2234e7cdb..b70f47abe 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3571,7 +3571,8 @@ sandbox_init_filter(void)
     OPEN_DATADIR2(name, name2 suffix);                  \
   } while (0)
 
-#define OPEN_KEY_DIRECTORY() OPEN_DATADIR("keys")
+#define OPEN_KEY_DIRECTORY() \
+  sandbox_cfg_allow_open_filename(&cfg, tor_strdup(options->KeyDirectory))
 #define OPEN_CACHEDIR(name)                      \
   sandbox_cfg_allow_open_filename(&cfg, get_cachedir_fname(name))
 #define OPEN_CACHEDIR_SUFFIX(name, suffix) do {  \
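Review bot: OPEN_KEY_DIRECTORY, and STAT_KEY_DIRECTORY in the next hunk, now allow only the KeyDirectory path itself. The sandbox rules for files inside it are outside these hunks; if they still go through the DataDirectory-based helpers with "keys", they will not match once KeyDirectory points elsewhere. The commit message says Tor is not yet updated to use the new options, so a comment on both macros would record the gap: `/* Allows the directory only; key files are still listed via DataDirectory until callers are converted. */`. The macros also rely on `options` and `cfg` being in scope in sandbox_init_filter, which the comment could mention.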
@@ -3687,7 +3688,8 @@ sandbox_init_filter(void)
 #define STAT_DATADIR2(name, name2)                                      \
   sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname2((name), (name2)))
 
-#define STAT_KEY_DIRECTORY() STAT_DATADIR("keys")
+#define STAT_KEY_DIRECTORY() \
+  sandbox_cfg_allow_stat_filename(&cfg, tor_strdup(options->KeyDirectory))
 
   STAT_DATADIR(NULL);
   STAT_DATADIR("lock");
diff --git a/src/or/or.h b/src/or/or.h
index 61e8d0b44..e10decf73 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3645,6 +3645,17 @@ typedef struct {
                                * configured by the user. */
   char *DataDirectory; /**< Where to store long-term data, as modified. */
   int DataDirectoryGroupReadable; /**< Boolean: Is the DataDirectory g+r? */
+
+  char *KeyDirectory_option; /**< Where to store keys, as
+                               * configured by the user. */
+  char *KeyDirectory; /**< Where to store keys data, as modified. */
+  int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
+
+  char *CacheDirectory_option; /**< Where to store cached data, as
+                               * configured by the user. */
+  char *CacheDirectory; /**< Where to store cached data, as modified. */
+  int CacheDirectoryGroupReadable; /**< Boolean: Is the CacheDirectory g+r? */
+
   char *Nickname; /**< OR only: nickname of this onion router. */
   char *Address; /**< OR only: configured address for this onion router. */
   char *PidFile; /**< Where to store PID of Tor process. */
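Review bot: The comments on the new fields do not say how the "as modified" values are derived or what they default to, and "keys data" reads like a slip. From validate_data_directories in this commit, KeyDirectory falls back to DataDirectory/keys and CacheDirectory to DataDirectory, so I would write `/**< Directory for keys: KeyDirectory_option if set, else DataDirectory/keys. */` and the equivalent for CacheDirectory. The KeyDirectoryGroupReadable comment should state that it loosens the mode of the directory holding key files, since that is the one of the three where group access matters most. The struct starts and ends outside the hunk.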




