[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r11117: backport candidate: - If we require CookieAuthentication but (in tor/trunk: . src/or)
Author: arma
Date: 2007-08-15 11:26:14 -0400 (Wed, 15 Aug 2007)
New Revision: 11117
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/config.c
tor/trunk/src/or/control.c
Log:
backport candidate:
- If we require CookieAuthentication but we fail to write the
cookie file, we would warn but not exit, and end up in a state
where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
every time we change any piece of our config.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/ChangeLog 2007-08-15 15:26:14 UTC (rev 11117)
@@ -26,6 +26,14 @@
- Read v3 keys from the right location.
- Numerous bugfixes to directory voting code.
+ o Minor bugfixes (other):
+ - If we require CookieAuthentication but we fail to write the
+ cookie file, we would warn but not exit, and end up in a state
+ where no controller could authenticate. Now we exit.
+ - If we require CookieAuthentication, stop generating a new cookie
+ every time we change any piece of our config.
+
+
Changes in version 0.2.0.4-alpha - 2007-08-01
o Major security fixes:
- Close immediately after missing authentication on control port;
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/src/or/config.c 2007-08-15 15:26:14 UTC (rev 11117)
@@ -1039,7 +1039,10 @@
/* Update address policies. */
policies_parse_from_options(options);
- init_cookie_authentication(options->CookieAuthentication);
+ if (init_cookie_authentication(options->CookieAuthentication) < 0) {
+ log_warn(LD_CONFIG,"Error creating cookie authentication file.");
+ return -1;
+ }
/* reload keys as needed for rendezvous services. */
if (rend_service_load_keys()<0) {
Modified: tor/trunk/src/or/control.c
===================================================================
--- tor/trunk/src/or/control.c 2007-08-15 14:48:59 UTC (rev 11116)
+++ tor/trunk/src/or/control.c 2007-08-15 15:26:14 UTC (rev 11117)
@@ -3343,7 +3343,8 @@
/** Choose a random authentication cookie and write it to disk.
* Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. */
+ * authorized to use the control connection. Return -1 if we can't
+ * write the file, or 0 on success. */
int
init_cookie_authentication(int enabled)
{
@@ -3354,13 +3355,19 @@
return 0;
}
+ /* We don't want to generate a new cookie every time we call
+ * options_act(). One should be enough. */
+ if (authentication_cookie_is_set)
+ return 0; /* all set */
+
tor_snprintf(fname, sizeof(fname), "%s"PATH_SEPARATOR"control_auth_cookie",
get_options()->DataDirectory);
crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
authentication_cookie_is_set = 1;
if (write_bytes_to_file(fname, authentication_cookie,
AUTHENTICATION_COOKIE_LEN, 1)) {
- log_warn(LD_FS,"Error writing authentication cookie.");
+ log_warn(LD_FS,"Error writing authentication cookie to %s.",
+ escaped(fname));
return -1;
}