Clean up the 2972 implementation a little

diff --git a/changes/bug2972 b/changes/bug2972
new file mode 100644 (file)
index 0000000..26afcca
--- /dev/null
+++ b/changes/bug2972
@@ -0,0 +1,5 @@
+  o Minor features:
+    - Allow ControlSockets to be group-writable when the
+      ControlSocksGroupWritable configuration option is turned on. Patch
+      by Jérémy Bobbio; implements ticket 2972.
+

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index d0d0c2f7cb8bbafe8a7b5bc7576fcb2890bbcbf0..1815a8d963d64e7f2668217608f6534e1cfce938 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -167,7 +167,7 @@ Other options can be specified either on the command-line (--option
     Like ControlPort, but listens on a Unix domain socket, rather than a TCP
     socket. (Unix and Unix-like systems only.)
 
-**UnixSocketsGroupWritable** **0**|**1**::
+**ControlSocketsGroupWritable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read and
     write unix sockets (e.g. ControlSocket). If the option is set to 1, make
     the control socket readable and writable by the default GID. (Default: 0)

diff --git a/src/or/config.c b/src/or/config.c
index c81fc9c5944bc1f34440482469666859646c80f7..614fc48c3e5181b5fec6f2b5f87040f42452eb71 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -209,7 +209,7 @@ static config_var_t _option_vars[] = {
   V(ControlPortFileGroupReadable,BOOL,     "0"),
   V(ControlPortWriteToFile,      FILENAME, NULL),
   V(ControlSocket,               LINELIST, NULL),
-  V(UnixSocketsGroupWritable,    BOOL,     "0"),
+  V(ControlSocketsGroupWritable,    BOOL,     "0"),
   V(CookieAuthentication,        BOOL,     "0"),
   V(CookieAuthFileGroupReadable, BOOL,     "0"),
   V(CookieAuthFile,              STRING,   NULL),
@@ -953,9 +953,15 @@ options_act_reversible(or_options_t *old_options, char **msg)
   }
 
 #ifndef HAVE_SYS_UN_H
-  if (options->ControlSocket || options->UnixSocketsGroupWritable) {
-    *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported"
-                      " on this OS/with this build.");
+  if (options->ControlSocket || options->ControlSocketsGroupWritable) {
+    *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported "
+                      "on this OS/with this build.");
+    goto rollback;
+  }
+#else
+  if (options->ControlSocketsGroupWritable && !options->ControlSocket) {
+    *msg = tor_strdup("Setting ControlSocketGroupWritable without setting"
+                      "a ControlSocket makes no sense.");
     goto rollback;
   }
 #endif

diff --git a/src/or/connection.c b/src/or/connection.c
index d0898c5e5c59ba49ddb7d817cfe7137cd55c1c63..12e00e59bb4e096bb96ca05ad493cf7d93527bcf 100644 (file)
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -966,9 +966,9 @@ connection_create_listener(const struct sockaddr *listensockaddr,
                tor_socket_strerror(tor_socket_errno(s)));
       goto err;
     }
-    if (get_options()->UnixSocketsGroupWritable) {
+    if (get_options()->ControlSocketsGroupWritable) {
       if (chmod(address, 0660) < 0) {
-        log_warn(LD_FS,"Unable to make %s group-readable.", address);
+        log_warn(LD_FS,"Unable to make %s group-writable.", address);
         tor_close_socket(s);
         goto err;
       }

diff --git a/src/or/or.h b/src/or/or.h
index b72693f02952a5f03315303f10412c16853fb10a..b9d8319ba54161e37e23f94b3668ed9eb1e502ed 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2445,7 +2445,7 @@ typedef struct {
   int ControlPort; /**< Port to listen on for control connections. */
   config_line_t *ControlSocket; /**< List of Unix Domain Sockets to listen on
                                  * for control connections. */
-  int UnixSocketsGroupWritable; /**< Boolean: Are unix sockets g+rw? */
+  int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
   int DirPort; /**< Port to listen on for directory connections. */
   int DNSPort; /**< Port to listen on for DNS requests. */
   int AssumeReachable; /**< Whether to publish our descriptor regardless. */