r14590@catbus: nickm | 2007-08-16 12:19:12 -0400

Backport r11117: exit when we fail to write an auth cookie, and do not attempt to rewrite the auth cookie every time we restart. svn:r11134
2007-08-16 16:41:41 +00:00 · 2007-08-16 16:41:41 +00:00 · 0690f1fd7e
parent 2268d29e94
commit 0690f1fd7e
4 changed files with 17 additions and 4 deletions
--- a/5
+++ b/5
@ -17,6 +17,11 @@ Changes in version 0.1.2.xx - 2007-xxxxx
      weighting by fraction of bandwidth provided by exits.  Previously,
      we would choose with only approximate fairness, and correct ourselves
      if we ran off the end of the list.
+    - If we require CookieAuthentication but we fail to write the
+      cookie file, we would warn but not exit, and end up in a state
+      where no controller could authenticate. Now we exit.
+    - If we require CookieAuthentication, stop generating a new cookie
+      every time we change any piece of our config.


 Changes in version 0.1.2.16 - 2007-08-01
--- a/doc/TODO.012
+++ b/doc/TODO.012
@ -3,7 +3,7 @@ Backport items for 0.1.2:
  o r10956: fix the math for exit bandwidth weighting
  o r10994: Disable SENTINELS checking in order to use less RAM in
    buffer allocation.
-  - r11117: cookie auth more usable
+  o r11117: cookie auth more usable
  - disable v0 control protocol


--- a/src/or/config.c
+++ b/src/or/config.c
@ -958,7 +958,10 @@ options_act(or_options_t *old_options)
  /* Update address policies. */
  policies_parse_from_options(options);

-  init_cookie_authentication(options->CookieAuthentication);
+  if (init_cookie_authentication(options->CookieAuthentication) < 0) {
+    log_warn(LD_CONFIG,"Error creating cookie authentication file");
+    return -1;
+  }

  /* reload keys as needed for rendezvous services. */
  if (rend_service_load_keys()<0) {
--- a/src/or/control.c
+++ b/src/or/control.c
@ -3933,7 +3933,8 @@ control_event_guard(const char *nickname, const char *digest,

 /** Choose a random authentication cookie and write it to disk.
 * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. */
+ * authorized to use the control connection. Return -1 if we can't
+ * write the file, or 0 on success */
 int
 init_cookie_authentication(int enabled)
 {
@ -3944,13 +3945,17 @@ init_cookie_authentication(int enabled)
    return 0;
  }

+  if (authentication_cookie_is_set)
+    return 0;
+
  tor_snprintf(fname, sizeof(fname), "%s/control_auth_cookie",
               get_options()->DataDirectory);
  crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
  authentication_cookie_is_set = 1;
  if (write_bytes_to_file(fname, authentication_cookie,
                          AUTHENTICATION_COOKIE_LEN, 1)) {
-    log_warn(LD_FS,"Error writing authentication cookie.");
+    log_warn(LD_FS,"Error writing authentication cookie to %s.",
+             escaped(fname));
    return -1;
  }