sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

r14590@catbus: nickm | 2007-08-16 12:19:12 -0400 

Backport r11117: exit when we fail to write an auth cookie, and do not attempt to rewrite the auth cookie every time we restart.


svn:r11134
This commit is contained in:
Nick Mathewson 2007-08-16 16:41:41 +00:00
parent 2268d29e94
commit 0690f1fd7e
4 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -17,6 +17,11 @@ Changes in version 0.1.2.xx - 2007-xxxxx
weighting by fraction of bandwidth provided by exits. Previously, weighting by fraction of bandwidth provided by exits. Previously,
we would choose with only approximate fairness, and correct ourselves we would choose with only approximate fairness, and correct ourselves
if we ran off the end of the list. if we ran off the end of the list.
- If we require CookieAuthentication but we fail to write the
cookie file, we would warn but not exit, and end up in a state
where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
every time we change any piece of our config.
Changes in version 0.1.2.16 - 2007-08-01 Changes in version 0.1.2.16 - 2007-08-01

2
doc/TODO.012
View File

@ -3,7 +3,7 @@ Backport items for 0.1.2:
o r10956: fix the math for exit bandwidth weighting o r10956: fix the math for exit bandwidth weighting
o r10994: Disable SENTINELS checking in order to use less RAM in o r10994: Disable SENTINELS checking in order to use less RAM in
buffer allocation. buffer allocation.
- r11117: cookie auth more usable o r11117: cookie auth more usable
- disable v0 control protocol - disable v0 control protocol

5
src/or/config.c
View File

@ -958,7 +958,10 @@ options_act(or_options_t *old_options)
/* Update address policies. */ /* Update address policies. */
policies_parse_from_options(options); policies_parse_from_options(options);
init_cookie_authentication(options->CookieAuthentication); if (init_cookie_authentication(options->CookieAuthentication) < 0) {
log_warn(LD_CONFIG,"Error creating cookie authentication file");
return -1;
}
/* reload keys as needed for rendezvous services. */ /* reload keys as needed for rendezvous services. */
if (rend_service_load_keys()<0) { if (rend_service_load_keys()<0) {

9
src/or/control.c
View File

@ -3933,7 +3933,8 @@ control_event_guard(const char *nickname, const char *digest,
/** Choose a random authentication cookie and write it to disk. /** Choose a random authentication cookie and write it to disk.
* Anybody who can read the cookie from disk will be considered * Anybody who can read the cookie from disk will be considered
* authorized to use the control connection. */ * authorized to use the control connection. Return -1 if we can't
* write the file, or 0 on success */
int int
init_cookie_authentication(int enabled) init_cookie_authentication(int enabled)
{ {
@ -3944,13 +3945,17 @@ init_cookie_authentication(int enabled)
return 0; return 0;
} }
if (authentication_cookie_is_set)
return 0;
tor_snprintf(fname, sizeof(fname), "%s/control_auth_cookie", tor_snprintf(fname, sizeof(fname), "%s/control_auth_cookie",
get_options()->DataDirectory); get_options()->DataDirectory);
crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN); crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
authentication_cookie_is_set = 1; authentication_cookie_is_set = 1;
if (write_bytes_to_file(fname, authentication_cookie, if (write_bytes_to_file(fname, authentication_cookie,
AUTHENTICATION_COOKIE_LEN, 1)) { AUTHENTICATION_COOKIE_LEN, 1)) {
log_warn(LD_FS,"Error writing authentication cookie."); log_warn(LD_FS,"Error writing authentication cookie to %s.",
escaped(fname));
return -1; return -1;
} }