9 years ago · 0808ed83f9
--- a/changes/bug12864
+++ b/changes/bug12864
@@ -0,0 +1,7 @@
 
				+  o Minor bugfixes:
			
 
				+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
			
 
				+      12864; bugfix on 0.2.5.1-alpha.
			
 
				+
			
 
				+  o Minor features:
			
 
				+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
			
 
				+      cookie file for the ExtORPort g+r by default.
			
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -224,6 +224,13 @@ GENERAL OPTIONS
 
				     for the Extended ORPort's cookie file -- the cookie file is needed
			
 
				     for pluggable transports to communicate through the Extended ORPort.
			
 
				 
			
 
				+[[ExtORPortCookieAuthFileGroupReadable]] **ExtORPortCookieAuthFileGroupReadable** **0**|**1**::
			
 
				+    If this option is set to 0, don't allow the filesystem group to read the
			
 
				+    Extende OR Port cookie file. If the option is set to 1, make the cookie
			
 
				+    file readable by the default GID. [Making the file readable by other
			
 
				+    groups is not yet implemented; let us know if you need this for some
			
 
				+    reason.] (Default: 0)
			
 
				+
			
 
				 [[ConnLimit]] **ConnLimit** __NUM__::
			
 
				     The minimum number of file descriptors that must be available to the Tor
			
 
				     process before it will start. Tor will ask the OS for as many file
			
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -238,6 +238,7 @@ static config_var_t option_vars_[] = {
 
				   V(ExtendAllowPrivateAddresses, BOOL,     "0"),
			
 
				   VPORT(ExtORPort,               LINELIST, NULL),
			
 
				   V(ExtORPortCookieAuthFile,     STRING,   NULL),
			
 
				+  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
			
 
				   V(ExtraInfoStatistics,         BOOL,     "1"),
			
 
				   V(FallbackDir,                 LINELIST, NULL),
			
 
				 
			
@@ -6828,7 +6829,7 @@ config_maybe_load_geoip_files_(const or_options_t *options,
 
				  *  <b>cookie_is_set_out</b> to True. */
			
 
				 int
			
 
				 init_cookie_authentication(const char *fname, const char *header,
			
 
				-                           int cookie_len,
			
 
				+                           int cookie_len, int group_readable,
			
 
				                            uint8_t **cookie_out, int *cookie_is_set_out)
			
 
				 {
			
 
				   char cookie_file_str_len = strlen(header) + cookie_len;
			
@@ -6861,6 +6862,14 @@ init_cookie_authentication(const char *fname, const char *header,
 
				     goto done;
			
 
				   }
			
 
				 
			
 
				+#ifndef _WIN32
			
 
				+  if (group_readable) {
			
 
				+    if (chmod(fname, 0640)) {
			
 
				+      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
			
 
				+    }
			
 
				+  }
			
 
				+#endif
			
 
				+
			
 
				   /* Success! */
			
 
				   log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
			
 
				   *cookie_is_set_out = 1;
			
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -97,7 +97,7 @@ uint32_t get_effective_bwburst(const or_options_t *options);
 
				 char *get_transport_bindaddr_from_config(const char *transport);
			
 
				 
			
 
				 int init_cookie_authentication(const char *fname, const char *header,
			
 
				-                               int cookie_len,
			
 
				+                               int cookie_len, int group_readable,
			
 
				                                uint8_t **cookie_out, int *cookie_is_set_out);
			
 
				 
			
 
				 or_options_t *options_new(void);
			
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4666,6 +4666,7 @@ init_control_cookie_authentication(int enabled)
 
				   fname = get_controller_cookie_file_name();
			
 
				   retval = init_cookie_authentication(fname, "", /* no header */
			
 
				                                       AUTHENTICATION_COOKIE_LEN,
			
 
				+                                   get_options()->CookieAuthFileGroupReadable,
			
 
				                                       &authentication_cookie,
			
 
				                                       &authentication_cookie_is_set);
			
 
				   tor_free(fname);
			
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -143,6 +143,7 @@ init_ext_or_cookie_authentication(int is_enabled)
 
				   fname = get_ext_or_auth_cookie_file_name();
			
 
				   retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
			
 
				                                       EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
			
 
				+                           get_options()->ExtORPortCookieAuthFileGroupReadable,
			
 
				                                       &ext_or_auth_cookie,
			
 
				                                       &ext_or_auth_cookie_is_set);
			
 
				   tor_free(fname);
			
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3801,6 +3801,8 @@ typedef struct {
 
				   char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
			
 
				                                  *   ORPort authentication cookie. */
			
 
				   int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
			
 
				+  int ExtORPortCookieAuthFileGroupReadable; /**< Boolean: Is the
			
 
				+                                             * ExtORPortCookieAuthFile g+r? */
			
 
				   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
			
 
				                           * circuits itself (0), or does it expect a controller
			
 
				                           * to cope? (1) */