From: Nick Mathewson
Date: Thu, 27 Mar 2025 18:41:18 +0000 (-0400)
Subject: Allow searching for family keys in a FamilyKeyDirectory
X-Git-Tag: tor-0.4.9.2-alpha~4^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1113dbe419c632fb90aaf916ef1846543da3af44;p=thirdparty%2Ftor.git
Allow searching for family keys in a FamilyKeyDirectory
---
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 1b8625dda3..eb1b105202 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -2502,6 +2502,10 @@ is non-zero):
 (Note that if the seccomp2 Sandbox feature is enabled, it is not possible to change the key filenames while Tor is running.)
+[[FamilyKeyDirectory]] **FamilyKeyDirectory** __directory__:
+ Configure a directory to use, in place of the key directory,
+ when searching for family ID keys.
+
 [[Nickname]] **Nickname** __name__::
 Set the server's nickname to \'name'. Nicknames must be between 1 and 19 characters inclusive, and must contain only the characters [a-zA-Z0-9].
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 4a09cef3fb..8c20e844d1 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -471,6 +471,8 @@ static const config_var_t option_vars_[] = {
 OBSOLETE("FallbackNetworkstatusFile"),
 VAR("FamilyId", LINELIST, FamilyId_lines, NULL),
+ VAR_IMMUTABLE("FamilyKeyDirectory",
+ FILENAME, FamilyKeyDirectory_option, NULL),
 V(FascistFirewall, BOOL, "0"),
 V(FirewallPorts, CSV, ""),
 OBSOLETE("FastFirstHopPK"),
@@ -1045,6 +1047,7 @@ options_clear_cb(const config_mgr_t *mgr, void *opts)
 }
 tor_free(options->DataDirectory);
 tor_free(options->CacheDirectory);
+ tor_free(options->FamilyKeyDirectory);
 tor_free(options->KeyDirectory);
 tor_free(options->BridgePassword_AuthDigest_);
 tor_free(options->command_arg);
@@ -6989,6 +6992,17 @@ validate_data_directories(or_options_t *options)
 options->CacheDirectory = tor_strdup(options->DataDirectory);
 }
+ tor_free(options->FamilyKeyDirectory);
+ if (options->FamilyKeyDirectory_option) {
+ options->FamilyKeyDirectory =
+ get_data_directory(options->FamilyKeyDirectory_option);
+ if (!options->FamilyKeyDirectory)
+ return -1;
+ } else {
+ /* Default to the key directory. */
+ options->FamilyKeyDirectory = tor_strdup(options->KeyDirectory);
+ }
+
 return 0;
 }
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 698b954ef0..c36cb7331a 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -89,6 +89,10 @@ struct or_options_t {
 char *KeyDirectory; /**< Where to store keys data, as modified. */
 int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */
+ char *FamilyKeyDirectory_option; /**< Where to look for family ID keys,
+ * as configured by the user. */
+ char *FamilyKeyDirectory; /**< Where to look for family ID keys. */
+
 char *CacheDirectory_option; /**< Where to store cached data, as
 * configured by the user. */
 char *CacheDirectory; /**< Where to store cached data, as modified. */
diff --git a/src/app/main/main.c b/src/app/main/main.c
index e2ac5174bf..36e7bce599 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -960,7 +960,7 @@ sandbox_init_filter(void)
 #ifdef HAVE_MODULE_RELAY
 {
 smartlist_t *family_id_files =
- list_family_key_files(options, options->KeyDirectory);
+ list_family_key_files(options, options->FamilyKeyDirectory);
 SMARTLIST_FOREACH(family_id_files, const char *, fn, OPEN(fn));
diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c
index b7a5ddabce..fc5a5376d4 100644
--- a/src/feature/relay/routerkeys.c
+++ b/src/feature/relay/routerkeys.c
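Review bot: The path given in `FamilyKeyDirectory` is accepted in validate_data_directories() with no ownership or permission check; it is only resolved through `get_data_directory()`. The hunks in sandbox_init_filter() and load_family_id_keys() then read family ID keys from it. If the default key directory gets a private-directory check elsewhere (not visible in this diff), a relocated family key directory should get the same before any key is loaded, for example `if (check_private_dir(options->FamilyKeyDirectory, CPD_CHECK, options->User) < 0) return -1;` at the start of the load path. Otherwise an operator can point the option at a group- or world-accessible location without any warning. The body of validate_data_directories() starts outside this hunk, so an earlier check cannot be ruled out.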
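Review bot: The doc comment on `FamilyKeyDirectory` in struct or_options_t omits that the field falls back to a copy of `KeyDirectory` when the option is unset, which the validation hunk in config.c establishes. It also drops the "as modified" wording used by the neighbouring `KeyDirectory` and `CacheDirectory` fields. Suggested wording, wrapped to the file's line length: `char *FamilyKeyDirectory; /**< Where to look for family ID keys, as modified; defaults to KeyDirectory. */`.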
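Review bot: The allow-list built in sandbox_init_filter() is a snapshot: only the files that `list_family_key_files()` returns for `options->FamilyKeyDirectory` at this point get an `OPEN()` rule. A family key file placed in the directory after the filter is installed will presumably not be openable. The man page context in this commit states that limit for key filenames, but the new FamilyKeyDirectory entry does not repeat it. A comment at this site would make it explicit, e.g. `/* Family key files must exist before the sandbox is installed; files added later cannot be opened. */`. Whether listing the directory itself at reload time needs its own rule depends on list_family_key_files(), which is outside this hunk, as is the rest of the enclosing block.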
@@ -908,7 +908,7 @@ load_family_id_keys(const or_options_t *options,
 const networkstatus_t *ns)
 {
 if (options->FamilyIds) {
- if (load_family_id_keys_impl(options, options->KeyDirectory) < 0)
+ if (load_family_id_keys_impl(options, options->FamilyKeyDirectory) < 0)
 return -1;
 bool any_missing = false;