Add support for password ("HASHEDPASSWORD") authentication.
This commit is contained in:
parent
9592666abd
commit
d109336930
|
@ -18,7 +18,7 @@ import (
|
|||
|
||||
// Authenticate authenticates with the Tor instance using the "best" possible
|
||||
// authentication method.
|
||||
func (c *Conn) Authenticate() error {
|
||||
func (c *Conn) Authenticate(passwd string) error {
|
||||
if c.isAuthenticated {
|
||||
return nil
|
||||
}
|
||||
|
@ -29,11 +29,12 @@ func (c *Conn) Authenticate() error {
|
|||
return err
|
||||
}
|
||||
|
||||
// TODO: Add support for password authentication. "COOKIE" auth is
|
||||
// superceded by "SAFECOOKIE" on all reasonable versions of Tor.
|
||||
// "COOKIE" authentication exists, but anything modern supports
|
||||
// "SAFECOOKIE".
|
||||
const (
|
||||
cmdAuthenticate = "AUTHENTICATE"
|
||||
authMethodNull = "NULL"
|
||||
authMethodPassword = "HASHEDPASSWORD"
|
||||
authMethodSafeCookie = "SAFECOOKIE"
|
||||
)
|
||||
if pi.AuthMethods[authMethodNull] {
|
||||
|
@ -118,6 +119,17 @@ func (c *Conn) Authenticate() error {
|
|||
_, err = c.Request("%s %s", cmdAuthenticate, clientHashStr)
|
||||
c.isAuthenticated = err == nil
|
||||
return err
|
||||
} else if pi.AuthMethods[authMethodPassword] {
|
||||
// Despite the name HASHEDPASSWORD, the raw password is actually sent.
|
||||
// According to the code, this can either be a QuotedString, or base16
|
||||
// encoded, so go with the later since it's easier to handle.
|
||||
if passwd == "" {
|
||||
return newProtocolError("password auth needs a password")
|
||||
}
|
||||
passwdStr := hex.EncodeToString([]byte(passwd))
|
||||
_, err = c.Request("%s %s", cmdAuthenticate, passwdStr)
|
||||
c.isAuthenticated = err == nil
|
||||
return err
|
||||
} else {
|
||||
return newProtocolError("no supported authentication methods")
|
||||
}
|
||||
|
|
|
@ -26,8 +26,9 @@ func main() {
|
|||
// Do not enable in production.
|
||||
c.Debug(true)
|
||||
|
||||
// Authenticate with the control port.
|
||||
if err := c.Authenticate(); err != nil {
|
||||
// Authenticate with the control port. The password argument
|
||||
// here can be "" if no password is set (CookieAuth, no auth).
|
||||
if err := c.Authenticate("ExamplePassword"); err != nil {
|
||||
log.Fatalf("Authentication failed: %v", err)
|
||||
}
|
||||
|
||||
|
|
Reference in New Issue