r14606@catbus: nickm | 2007-08-16 13:45:01 -0400

Implement CookieAuthFile and CookieAuthFileGroupReadable.  Backport candidate.


svn:r11141

ChangeLog

@@ -31,6 +31,8 @@ Changes in version 0.2.0.5-alpha - 2007-??-??
       before any authentication has been received.  It tells a controller
       what kind of authentication is expected, and what protocol is spoken.
       Implements proposal 119.
+    - Implement options to allow the controller to pick a new location for
+      the cookie authentication file, and to make it group-readable.
 
   o Minor bugfixes (other):
     - If we require CookieAuthentication but we fail to write the

doc/tor.1.in

@@ -170,6 +170,19 @@ authentication methods should only be used on systems with good filesystem
 security. (Default: 0)
 .LP
 .TP
+\fBCookieAuthFile \fR\fIPath\fP
+If set, this option overrides the default location and file name for Tor's
+cookie file.  (See CookieAuthentication above.)
+.LP
+.TP
+\fBCookieAuthFileGroupReadable \fR\fB0\fR|\fB1\R|\fIGroupName\fP
+If this option is set to 0, don't allow the filesystem group to read
+the cookie file.  If the option is set to 1, make the cookie file
+readable by the default GID.  [Making the file readable by other
+groups is not yet implemented; let us know if you need this for some
+reason.]  (Default: 0).
+.LP
+.TP
 \fBDataDirectory \fR\fIDIR\fP
 Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
 .LP

src/or/config.c

@@ -152,6 +152,9 @@ static config_var_t _option_vars[] = {
   VAR("ControlPort",         UINT,     ControlPort,          "0"),
   VAR("ControlSocket",       LINELIST, ControlSocket,        NULL),
   VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),
+  VAR("CookieAuthFileGroupReadable",BOOL,  CookieAuthFileGroupReadable, "0"),
+  VAR("CookieAuthFile",      STRING,   CookieAuthFile,       "0"),
+  VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),
   VAR("DataDirectory",       STRING,   DataDirectory,        NULL),
   OBSOLETE("DebugLogFile"),
   VAR("DirAllowPrivateAddresses",BOOL, DirAllowPrivateAddresses, NULL),

src/or/control.c

@@ -3434,11 +3434,16 @@ control_event_guard(const char *nickname, const char *digest,
 static char *
 get_cookie_file(void)
 {
-  const char *datadir = get_options()->DataDirectory;
-  size_t len = strlen(datadir)+64;
-  char *fname = tor_malloc(len);
-  tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
-  return fname;
+  or_options_t *options = get_options();
+  if (options->CookieAuthFile && strlen(options->CookieAuthFile)) {
+    return tor_strdup(options->CookieAuthFile);
+  } else {
+    const char *datadir = get_options()->DataDirectory;
+    size_t len = strlen(datadir)+64;
+    char *fname = tor_malloc(len);
+    tor_snprintf(fname, len, "%s"PATH_SEPARATOR"control_auth_cookie", datadir);
+    return fname;
+  }
 }
 
 /** Choose a random authentication cookie and write it to disk.
@@ -3469,6 +3474,13 @@ init_cookie_authentication(int enabled)
     tor_free(fname);
     return -1;
   }
+#ifndef MS_WINDOWS
+  if (get_options()->CookieAuthFileGroupReadable) {
+    if (chmod(fname, 0640)) {
+      log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
+    }
+  }
+#endif
 
   tor_free(fname);
   return 0;

src/or/or.h

@@ -2022,6 +2022,8 @@ typedef struct {
                                 * the control system. */
   int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
                              * the control system? */
+  char *CookieAuthFile; /**< Location of a cookie authentication file. */
+  int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
                           * circuits itself (0), or does it expect a controller
                           * to cope? (1) */