[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r11117: backport candidate: - If we require CookieAuthentication but (in tor/trunk: . src/or)



Author: arma
Date: 2007-08-15 11:26:14 -0400 (Wed, 15 Aug 2007)
New Revision: 11117

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/config.c
   tor/trunk/src/or/control.c
Log:
backport candidate:
- If we require CookieAuthentication but we fail to write the
  cookie file, we would warn but not exit, and end up in a state
  where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
  every time we change any piece of our config.


Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/ChangeLog	2007-08-15 15:26:14 UTC (rev 11117)
@@ -26,6 +26,14 @@
     - Read v3 keys from the right location.
     - Numerous bugfixes to directory voting code.
 
+  o Minor bugfixes (other):
+    - If we require CookieAuthentication but we fail to write the
+      cookie file, we would warn but not exit, and end up in a state
+      where no controller could authenticate. Now we exit.
+    - If we require CookieAuthentication, stop generating a new cookie
+      every time we change any piece of our config.
+
+
 Changes in version 0.2.0.4-alpha - 2007-08-01
   o Major security fixes:
     - Close immediately after missing authentication on control port;

Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c	2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/src/or/config.c	2007-08-15 15:26:14 UTC (rev 11117)
@@ -1039,7 +1039,10 @@
   /* Update address policies. */
   policies_parse_from_options(options);
 
-  init_cookie_authentication(options->CookieAuthentication);
+  if (init_cookie_authentication(options->CookieAuthentication) < 0) {
+    log_warn(LD_CONFIG,"Error creating cookie authentication file.");
+    return -1;
+  }
 
   /* reload keys as needed for rendezvous services. */
   if (rend_service_load_keys()<0) {

Modified: tor/trunk/src/or/control.c
===================================================================
--- tor/trunk/src/or/control.c	2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/src/or/control.c	2007-08-15 15:26:14 UTC (rev 11117)
@@ -3343,7 +3343,8 @@
 
 /** Choose a random authentication cookie and write it to disk.
  * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. */
+ * authorized to use the control connection. Return -1 if we can't
+ * write the file, or 0 on success. */
 int
 init_cookie_authentication(int enabled)
 {
@@ -3354,13 +3355,19 @@
     return 0;
   }
 
+  /* We don't want to generate a new cookie every time we call
+   * options_act(). One should be enough. */
+  if (authentication_cookie_is_set)
+    return 0; /* all set */
+
   tor_snprintf(fname, sizeof(fname), "%s"PATH_SEPARATOR"control_auth_cookie",
                get_options()->DataDirectory);
   crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
   authentication_cookie_is_set = 1;
   if (write_bytes_to_file(fname, authentication_cookie,
                           AUTHENTICATION_COOKIE_LEN, 1)) {
-    log_warn(LD_FS,"Error writing authentication cookie.");
+    log_warn(LD_FS,"Error writing authentication cookie to %s.",
+             escaped(fname));
     return -1;
   }