From ba1c6a1303fa771da52a337b24147a1cf6ecce42 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 7 Feb 2025 06:39:54 +0000 Subject: [PATCH] zcash_client_backend: Allow disabling Tor directory permissions tightening Closes zcash/librustzcash#1686. --- Cargo.lock | 1 + Cargo.toml | 1 + zcash_client_backend/CHANGELOG.md | 3 +++ zcash_client_backend/Cargo.toml | 2 ++ zcash_client_backend/src/tor.rs | 23 ++++++++++++++++++----- 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2aa7cfa5c..b46413b71 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6158,6 +6158,7 @@ dependencies = [ "crossbeam-channel", "document-features", "dynosaur", + "fs-mistrust", "futures-util", "group", "gumdrop", diff --git a/Cargo.toml b/Cargo.toml index 270af3862..e4d5b363a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -158,6 +158,7 @@ incrementalmerkletree-testing = "0.3" # failure due to incompatible `libsqlite3-sys` versions. arti-client = { version = "0.23", default-features = false, features = ["compression", "rustls", "tokio"] } dynosaur = "0.1.1" +fs-mistrust = "0.8" tokio = "1" tor-rtcompat = "0.23" tower = "0.4" diff --git a/zcash_client_backend/CHANGELOG.md b/zcash_client_backend/CHANGELOG.md index e14fce74d..5ab7e0a11 100644 --- a/zcash_client_backend/CHANGELOG.md +++ b/zcash_client_backend/CHANGELOG.md @@ -11,6 +11,9 @@ and this library adheres to Rust's notion of - MSRV is now 1.81.0. - Migrated to `bip32 =0.6.0-pre.1`, `nonempty 0.11`, `incrementalmerkletree 0.8`, `shardtree 0.6`. +- `zcash_client_backend::tor`: + - `tor::Client::create` now takes an optional `with_permissions` argument for + configuring `fs_mistrust::Mistrust`. - `zcash_client_backend::wallet::Recipient` has changed: - The `Recipient::External` variant is now a structured variant. - The `Recipient::EphemeralTransparent` variant is now only available if diff --git a/zcash_client_backend/Cargo.toml b/zcash_client_backend/Cargo.toml index 25680760c..cfebc640e 100644 
--- a/zcash_client_backend/Cargo.toml +++ b/zcash_client_backend/Cargo.toml @@ -120,6 +120,7 @@ crossbeam-channel.workspace = true rayon.workspace = true # - Tor +fs-mistrust = { workspace = true, optional = true } tokio = { workspace = true, optional = true, features = ["fs"] } tor-rtcompat = { workspace = true, optional = true } tower = { workspace = true, optional = true } @@ -201,6 +202,7 @@ sync = [ tor = [ "dep:arti-client", "dep:dynosaur", + "dep:fs-mistrust", "dep:futures-util", "dep:http-body-util", "dep:hyper", diff --git a/zcash_client_backend/src/tor.rs b/zcash_client_backend/src/tor.rs index 8c900ab5c..7c600e338 100644 --- a/zcash_client_backend/src/tor.rs +++ b/zcash_client_backend/src/tor.rs @@ -24,20 +24,33 @@ impl Client { /// Preserving the contents of this directory will speed up subsequent calls to /// `Client::create`. /// + /// If `with_permissions` is `None`, the default from [`arti_client`] will be used + /// (enable permissions checks unless the `ARTI_FS_DISABLE_PERMISSION_CHECKS` env + /// variable is set). + /// /// Returns an error if `tor_dir` does not exist, or if bootstrapping fails. - pub async fn create(tor_dir: &Path) -> Result { + pub async fn create( + tor_dir: &Path, + with_permissions: Option, + ) -> Result { let runtime = PreferredRuntime::current()?; if !tokio::fs::try_exists(tor_dir).await? { return Err(Error::MissingTorDirectory); } - let config = TorClientConfigBuilder::from_directories( + let mut config_builder = TorClientConfigBuilder::from_directories( tor_dir.join("arti-data"), tor_dir.join("arti-cache"), - ) - .build() - .expect("all required fields initialized"); + ); + + if let Some(f) = with_permissions { + f(config_builder.storage().permissions()); + } + + let config = config_builder + .build() + .expect("all required fields initialized"); let client_builder = TorClient::with_runtime(runtime).config(config);
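Review bot: The `.expect("all required fields initialized")` on `config_builder.build()` in `zcash_client_backend/src/tor.rs` no longer states an invariant this function controls, because the caller's `with_permissions` closure has already mutated the builder's permissions section by the time `build()` runs. If arti validates that section at build time (not visible in this hunk, so worth confirming), a bad caller configuration becomes a panic inside `create` rather than an `Err`. Propagating it, e.g. `let config = config_builder.build().map_err(/* map into this crate's Error */)?;`, keeps the failure recoverable. The new doc paragraph also covers only the `None` case; I would add a line such as `/// If Some, the closure receives the fs_mistrust builder for the arti data and cache directories; relaxing it lets arti use a tor_dir that other local users can read or modify.` so callers see what they are giving up. `create` continues past the end of this hunk and `impl Client` opens above it.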