[tor-commits] [tor/master] relay: Honor DataDirectoryGroupReadable at key init

nickm at torproject.org nickm at torproject.org
Wed Jan 18 14:11:07 UTC 2017 

commit e16148a58218177411939e373d96aa4f152cadc8
Author: David Goulet <dgoulet at torproject.org>
Date:   Tue Jan 17 14:40:01 2017 -0500

    relay: Honor DataDirectoryGroupReadable at key init
    
    Our config code is checking correctly at DataDirectoryGroupReadable but then
    when we initialize the keys, we ignored that option ending up at setting back
    the DataDirectory to 0700 instead of 0750. Patch by "redfish".
    
    Fixes #19953
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/bug19953    | 6 ++++++
 src/or/router.c     | 7 ++++++-
 src/or/routerkeys.c | 7 +++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/changes/bug19953 b/changes/bug19953
new file mode 100644
index 0000000..919018d
--- /dev/null
+++ b/changes/bug19953
@@ -0,0 +1,6 @@
+  o Minor bugfixes (relay)
+    - Honor DataDirectoryGroupReadable when tor is a relay. Previously, the
+      initialization of the keys would reset the DataDirectory to 0700 instead
+      of 0750 if DataDirectoryGroupReadable was set to 1. Fixes #19953. Patch
+      by "redfish".; bugfix on tor-0.0.2pre16.
+
diff --git a/src/or/router.c b/src/or/router.c
index 2d8208a..e4fa72a 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -849,7 +849,12 @@ init_keys(void)
   if (init_keys_common() < 0)
     return -1;
   /* Make sure DataDirectory exists, and is private. */
-  if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+  cpd_check_t cpd_opts = CPD_CREATE;
+  if (options->DataDirectoryGroupReadable)
+    cpd_opts |= CPD_GROUP_READ;
+  if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
+    log_err(LD_OR, "Can't create/check datadirectory %s",
+            options->DataDirectory);
     return -1;
   }
   /* Check the key directory. */
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 51802b1..e207871 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -785,8 +785,11 @@ load_ed_keys(const or_options_t *options, time_t now)
     if (options->command == CMD_KEYGEN)
       flags |= INIT_ED_KEY_TRY_ENCRYPTED;
 
-    /* Check the key directory */
-    if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
+    /* Check/Create the key directory */
+    cpd_check_t cpd_opts = CPD_CREATE;
+    if (options->DataDirectoryGroupReadable)
+      cpd_opts |= CPD_GROUP_READ;
+    if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
       log_err(LD_OR, "Can't create/check datadirectory %s",
               options->DataDirectory);
       goto err;

More information about the tor-commits mailing list