Support group readable hidden service directories

If a Tor users wishes to use a system Tor with a user service they may encounter problems with not being able to utilize the hidden service due to directory permissions.

An option "HiddenServiceDirGroupReadable" similar to "ControlPortFileGroupReadable" and "CookieAuthFileGroupReadable" would resolve this issue.

Trac:
Username: anon

changed milestone to %Tor: 0.2.6.x-final

added component::core tor/tor milestone::Tor: 0.2.6.x-final priority::medium reporter::anon resolution::implemented status::closed tor-hs type::enhancement labels

Some notes: check_private_dir() knows only of user privacy, not group and is used extensively to verify the permissions on hidden service directories and files.

A naive approach of changing the permissions after created/updated gets clobbered during other start-up process, and thus is not even a workable quick hack. See rend_config_services().

Trac:
Username: anon

Things still wrong with that patch: overriding perms after call to check_private_dir(), the CPD_GROUP_READ vs. CPD_GROUP_OK not elegantness, and the way check perms only checks for need to make more restrictive, rather than set to specific desired value if not just testing. Will provide a better patch before asking for review... once brain re-charged... nom nom brains.

Trac:
Username: anon

Trac:
Username: anon

test-11291-group-readable-hsdirs.patch

Trac:
Username: anon

Changed option name to remove mention of "Dir" as this also makes the hostname readable by group members. (But not the private_key).

default permissions for HS creation

drwx------ 2 anon anon 2014-03-24 04:19 hs_test -rw------- 1 anon anon 2014-03-24 04:19 hs_test/hostname -rw------- 1 anon anon 2014-03-24 04:19 hs_test/private_key

set HiddenServiceGroupReadable 1 and you get:

drwxr-x--- 2 anon anon 2014-03-24 04:19 hs_test -rw-r----- 1 anon anon 2014-03-24 04:19 hs_test/hostname -rw------- 1 anon anon 2014-03-24 04:19 hs_test/private_key

Trac:
Username: anon

The code looks plausible at first glance, and is on-schedule for possible inclusion early in 0.2.5.x. It really needs a test-case, if possible.

Trac:
Milestone: N/A to Tor: 0.2.6.x-final
Status: new to needs_review
Keywords: N/A deleted, tor-hs added

Yes, I will add a test case. Thanks Nick!

Trac:
Username: anon

Almost done with new test_checkdir.c to verify this and other options. (No prior test coverage for check_private_dir())

I still need to sync up with ioerror and confirm this fixes his gstreamer system Tor configuration. [or reproduce same myself, and confirm. TBD.]

Trac:
Username: anon

(r, sorry, I meant "early in 0.2.6.x". I hope that won't be too long now.)

Trac:
Username: anon

test-11291-group-readable-hsdirs-wtests.patch

Updated patch with tests and cleaned up constants.

Trac:
Username: anon

NOTE: Still cleaning up this patch. Do not merge the -wtests.patch.

Trac:
Username: anon

Trac:
Cc: N/A to meejah@meejah.ca

Trac:
Username: anon

test-11291-group-redable-hsdirs-wtests-may6.patch

Rebased on current master, fixed broken linkage to new checkdir tests, onward!

Trac:
Username: anon

Trac:
Username: anon

test-11291-group-redable-hsdirs-wtests-may8.patch

o/~ "What do the tests say?" - OK ... o/~

Trac:
Username: anon

This patch is now doing what it should, and the tests confirm. It would be nice to replace other existing magic stat constants (0700, etc.) with the new defines (STAT_RWXO, etc.) however that refactoring will go in another patch...

Trac:
Username: anon