
backport candidate:
- If we require CookieAuthentication but we fail to write the
cookie file, we would warn but not exit, and end up in a state
where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
every time we change any piece of our config.


svn:r11117

Roger Dingledine 17 years ago
commit
f606d74f56
3 changed files with 21 additions and 3 deletions
  1. 8 0
      ChangeLog
  2. 4 1
      src/or/config.c
  3. 9 2
      src/or/control.c

+ 8 - 0
ChangeLog

@@ -26,6 +26,14 @@ Changes in version 0.2.0.5-alpha - 2007-??-??
     - Read v3 keys from the right location.
     - Numerous bugfixes to directory voting code.
 
+  o Minor bugfixes (other):
+    - If we require CookieAuthentication but we fail to write the
+      cookie file, we would warn but not exit, and end up in a state
+      where no controller could authenticate. Now we exit.
+    - If we require CookieAuthentication, stop generating a new cookie
+      every time we change any piece of our config.
+
+
 Changes in version 0.2.0.4-alpha - 2007-08-01
   o Major security fixes:
     - Close immediately after missing authentication on control port;

+ 4 - 1
src/or/config.c

@@ -1039,7 +1039,10 @@ options_act(or_options_t *old_options)
   /* Update address policies. */
   policies_parse_from_options(options);
 
-  init_cookie_authentication(options->CookieAuthentication);
+  if (init_cookie_authentication(options->CookieAuthentication) < 0) {
+    log_warn(LD_CONFIG,"Error creating cookie authentication file.");
+    return -1;
+  }
 
   /* reload keys as needed for rendezvous services. */
   if (rend_service_load_keys()<0) {
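Review bot: The new failure branch around `init_cookie_authentication()` has no comment saying why a cookie-write error must abort options_act(); that reasoning lives only in the commit message. I would add above the `if`: `/* Without a cookie on disk no controller could authenticate, so fail instead of running locked out. */`. The added `log_warn(LD_CONFIG, ...)` also repeats the warning init_cookie_authentication() already emits with the file name, so it could be reworded to say that the configuration change is being rejected. options_act() starts and ends outside this hunk.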

+ 9 - 2
src/or/control.c

@@ -3343,7 +3343,8 @@ control_event_guard(const char *nickname, const char *digest,
 
 /** Choose a random authentication cookie and write it to disk.
  * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. */
+ * authorized to use the control connection. Return -1 if we can't
+ * write the file, or 0 on success. */
 int
 init_cookie_authentication(int enabled)
 {
@@ -3354,13 +3355,19 @@ init_cookie_authentication(int enabled)
     return 0;
   }
 
+  /* We don't want to generate a new cookie every time we call
+   * options_act(). One should be enough. */
+  if (authentication_cookie_is_set)
+    return 0; /* all set */
+
   tor_snprintf(fname, sizeof(fname), "%s"PATH_SEPARATOR"control_auth_cookie",
                get_options()->DataDirectory);
   crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
   authentication_cookie_is_set = 1;
   if (write_bytes_to_file(fname, authentication_cookie,
                           AUTHENTICATION_COOKIE_LEN, 1)) {
-    log_warn(LD_FS,"Error writing authentication cookie.");
+    log_warn(LD_FS,"Error writing authentication cookie to %s.",
+             escaped(fname));
     return -1;
   }
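Review bot: `authentication_cookie_is_set = 1;` is still assigned before the result of `write_bytes_to_file()` is checked, so with the new early return a failed write leaves the flag set, and any later call returns 0 ("all set") with no cookie file on disk. That is safe only while every caller treats -1 as fatal, which this page shows for options_act() but not for any other caller. Moving `authentication_cookie_is_set = 1;` to just after the closing brace of the `if (write_bytes_to_file(...))` block would make the flag mean "cookie generated and written". The early return also skips rebuilding `fname` from `DataDirectory`, so it presumably relies on that path not changing at runtime and on the file not being removed; a one-line comment stating that assumption would help. The function body starts before and continues past the lines visible in this hunk.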