r14590@catbus: nickm | 2007-08-16 12:19:12 -0400
Backport r11117: exit when we fail to write an auth cookie, and do not attempt to rewrite the auth cookie every time we restart. svn:r11134
This commit is contained in:
parent
2268d29e94
commit
0690f1fd7e
|
@ -17,6 +17,11 @@ Changes in version 0.1.2.xx - 2007-xxxxx
|
|||
weighting by fraction of bandwidth provided by exits. Previously,
|
||||
we would choose with only approximate fairness, and correct ourselves
|
||||
if we ran off the end of the list.
|
||||
- If we require CookieAuthentication but we fail to write the
|
||||
cookie file, we would warn but not exit, and end up in a state
|
||||
where no controller could authenticate. Now we exit.
|
||||
- If we require CookieAuthentication, stop generating a new cookie
|
||||
every time we change any piece of our config.
|
||||
|
||||
|
||||
Changes in version 0.1.2.16 - 2007-08-01
|
||||
|
|
|
@ -3,7 +3,7 @@ Backport items for 0.1.2:
|
|||
o r10956: fix the math for exit bandwidth weighting
|
||||
o r10994: Disable SENTINELS checking in order to use less RAM in
|
||||
buffer allocation.
|
||||
- r11117: cookie auth more usable
|
||||
o r11117: cookie auth more usable
|
||||
- disable v0 control protocol
|
||||
|
||||
|
||||
|
|
|
@ -958,7 +958,10 @@ options_act(or_options_t *old_options)
|
|||
/* Update address policies. */
|
||||
policies_parse_from_options(options);
|
||||
|
||||
init_cookie_authentication(options->CookieAuthentication);
|
||||
if (init_cookie_authentication(options->CookieAuthentication) < 0) {
|
||||
log_warn(LD_CONFIG,"Error creating cookie authentication file");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* reload keys as needed for rendezvous services. */
|
||||
if (rend_service_load_keys()<0) {
|
||||
|
|
|
@ -3933,7 +3933,8 @@ control_event_guard(const char *nickname, const char *digest,
|
|||
|
||||
/** Choose a random authentication cookie and write it to disk.
|
||||
* Anybody who can read the cookie from disk will be considered
|
||||
* authorized to use the control connection. */
|
||||
* authorized to use the control connection. Return -1 if we can't
|
||||
* write the file, or 0 on success */
|
||||
int
|
||||
init_cookie_authentication(int enabled)
|
||||
{
|
||||
|
@ -3944,13 +3945,17 @@ init_cookie_authentication(int enabled)
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (authentication_cookie_is_set)
|
||||
return 0;
|
||||
|
||||
tor_snprintf(fname, sizeof(fname), "%s/control_auth_cookie",
|
||||
get_options()->DataDirectory);
|
||||
crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
|
||||
authentication_cookie_is_set = 1;
|
||||
if (write_bytes_to_file(fname, authentication_cookie,
|
||||
AUTHENTICATION_COOKIE_LEN, 1)) {
|
||||
log_warn(LD_FS,"Error writing authentication cookie.");
|
||||
log_warn(LD_FS,"Error writing authentication cookie to %s.",
|
||||
escaped(fname));
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue