
commit 1113dbe419c632fb90aaf916ef1846543da3af44
parent 072e3994d760b3e08e6dc0510aed06dc18924348
Author: Nick Mathewson <nickm@torproject.org>
Date:   Thu, 27 Mar 2025 14:41:18 -0400

Allow searching for family keys in a FamilyKeyDirectory

Diffstat:
Mdoc/man/tor.1.txt | 4++++
Msrc/app/config/config.c | 14++++++++++++++
Msrc/app/config/or_options_st.h | 4++++
Msrc/app/main/main.c | 2+-
Msrc/feature/relay/routerkeys.c | 2+-
5 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt @@ -2502,6 +2502,10 @@ is non-zero): (Note that if the seccomp2 Sandbox feature is enabled, it is not possible to change the key filenames while Tor is running.) +[[FamilyKeyDirectory]] **FamilyKeyDirectory** __directory__: + Configure a directory to use, in place of the key directory, + when searching for family ID keys. + [[Nickname]] **Nickname** __name__:: Set the server's nickname to \'name'. Nicknames must be between 1 and 19 characters inclusive, and must contain only the characters [a-zA-Z0-9]. diff --git a/src/app/config/config.c b/src/app/config/config.c @@ -471,6 +471,8 @@ static const config_var_t option_vars_[] = { OBSOLETE("FallbackNetworkstatusFile"), VAR("FamilyId", LINELIST, FamilyId_lines, NULL), + VAR_IMMUTABLE("FamilyKeyDirectory", + FILENAME, FamilyKeyDirectory_option, NULL), V(FascistFirewall, BOOL, "0"), V(FirewallPorts, CSV, ""), OBSOLETE("FastFirstHopPK"), @@ -1045,6 +1047,7 @@ options_clear_cb(const config_mgr_t *mgr, void *opts) } tor_free(options->DataDirectory); tor_free(options->CacheDirectory); + tor_free(options->FamilyKeyDirectory); tor_free(options->KeyDirectory); tor_free(options->BridgePassword_AuthDigest_); tor_free(options->command_arg); @@ -6989,6 +6992,17 @@ validate_data_directories(or_options_t *options) options->CacheDirectory = tor_strdup(options->DataDirectory); } + tor_free(options->FamilyKeyDirectory); + if (options->FamilyKeyDirectory_option) { + options->FamilyKeyDirectory = + get_data_directory(options->FamilyKeyDirectory_option); + if (!options->FamilyKeyDirectory) + return -1; + } else { + /* Default to the key directory. */ + options->FamilyKeyDirectory = tor_strdup(options->KeyDirectory); + } + return 0; } diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h 
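Review bot: The user-supplied FamilyKeyDirectory is accepted in the validate_data_directories() hunk with only path resolution through get_data_directory(). None of the hunks in this commit checks that the directory is owned by the Tor user and closed to other users before main.c and routerkeys.c read family ID keys from it. The neighbouring KeyDirectoryGroupReadable field suggests KeyDirectory gets a permission check elsewhere, so an override would presumably skip it unless list_family_key_files() or load_family_id_keys_impl() does its own. Consider a check that runs only when the option is set, for example `if (options->FamilyKeyDirectory_option && check_private_dir(options->FamilyKeyDirectory, CPD_CHECK, options->User) < 0) return -1;` before the keys are loaded, or state in the man page entry that the directory must be private. The body of validate_data_directories() starts outside the hunk, so the earlier KeyDirectory handling that the else branch relies on is not visible here.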
@@ -89,6 +89,10 @@ struct or_options_t { char *KeyDirectory; /**< Where to store keys data, as modified. */ int KeyDirectoryGroupReadable; /**< Boolean: Is the KeyDirectory g+r? */ + char *FamilyKeyDirectory_option; /**< Where to look for family ID keys, + * as configured by the user. */ + char *FamilyKeyDirectory; /**< Where to look for family ID keys. */ + char *CacheDirectory_option; /**< Where to store cached data, as * configured by the user. */ char *CacheDirectory; /**< Where to store cached data, as modified. */ diff --git a/src/app/main/main.c b/src/app/main/main.c @@ -960,7 +960,7 @@ sandbox_init_filter(void) #ifdef HAVE_MODULE_RELAY { smartlist_t *family_id_files = - list_family_key_files(options, options->KeyDirectory); + list_family_key_files(options, options->FamilyKeyDirectory); SMARTLIST_FOREACH(family_id_files, const char *, fn, OPEN(fn)); diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c @@ -908,7 +908,7 @@ load_family_id_keys(const or_options_t *options, const networkstatus_t *ns) { if (options->FamilyIds) { - if (load_family_id_keys_impl(options, options->KeyDirectory) < 0) + if (load_family_id_keys_impl(options, options->FamilyKeyDirectory) < 0) return -1; bool any_missing = false;
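Review bot: The doc comment on the new `FamilyKeyDirectory` field in or_options_st.h does not say that the value is derived, whereas the neighbouring `KeyDirectory` and `CacheDirectory` comments end in "as modified". The validate_data_directories() hunk fills it from `FamilyKeyDirectory_option` or, when that is unset, from a copy of `KeyDirectory`. Something like `/**< Where to look for family ID keys, as modified; defaults to KeyDirectory. */` would tell a reader which of the two fields to consult and that the fallback exists.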
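Review bot: The sandbox_init_filter() hunk in main.c and the load_family_id_keys() hunk in routerkeys.c now have to name the same directory, and nothing at either call site records that coupling. As far as the visible lines show, each listed file is passed to OPEN(fn), so a later change to only one of the two sites would leave the loader opening paths the sandbox was never told about. A short comment above the `list_family_key_files()` call would keep them in step, for example `/* Must be the directory load_family_id_keys() reads from; only the files listed here are registered with the sandbox. */`. The enclosing `#ifdef HAVE_MODULE_RELAY` block continues past the end of the hunk.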