Add support for password ("HASHEDPASSWORD") authentication.
This commit is contained in:
parent
9592666abd
commit
d109336930
|
@ -18,7 +18,7 @@ import (
|
||||||
|
|
||||||
// Authenticate authenticates with the Tor instance using the "best" possible
|
// Authenticate authenticates with the Tor instance using the "best" possible
|
||||||
// authentication method.
|
// authentication method.
|
||||||
func (c *Conn) Authenticate() error {
|
func (c *Conn) Authenticate(passwd string) error {
|
||||||
if c.isAuthenticated {
|
if c.isAuthenticated {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -29,11 +29,12 @@ func (c *Conn) Authenticate() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Add support for password authentication. "COOKIE" auth is
|
// "COOKIE" authentication exists, but anything modern supports
|
||||||
// superceded by "SAFECOOKIE" on all reasonable versions of Tor.
|
// "SAFECOOKIE".
|
||||||
const (
|
const (
|
||||||
cmdAuthenticate = "AUTHENTICATE"
|
cmdAuthenticate = "AUTHENTICATE"
|
||||||
authMethodNull = "NULL"
|
authMethodNull = "NULL"
|
||||||
|
authMethodPassword = "HASHEDPASSWORD"
|
||||||
authMethodSafeCookie = "SAFECOOKIE"
|
authMethodSafeCookie = "SAFECOOKIE"
|
||||||
)
|
)
|
||||||
if pi.AuthMethods[authMethodNull] {
|
if pi.AuthMethods[authMethodNull] {
|
||||||
|
@ -118,6 +119,17 @@ func (c *Conn) Authenticate() error {
|
||||||
_, err = c.Request("%s %s", cmdAuthenticate, clientHashStr)
|
_, err = c.Request("%s %s", cmdAuthenticate, clientHashStr)
|
||||||
c.isAuthenticated = err == nil
|
c.isAuthenticated = err == nil
|
||||||
return err
|
return err
|
||||||
|
} else if pi.AuthMethods[authMethodPassword] {
|
||||||
|
// Despite the name HASHEDPASSWORD, the raw password is actually sent.
|
||||||
|
// According to the code, this can either be a QuotedString, or base16
|
||||||
|
// encoded, so go with the later since it's easier to handle.
|
||||||
|
if passwd == "" {
|
||||||
|
return newProtocolError("password auth needs a password")
|
||||||
|
}
|
||||||
|
passwdStr := hex.EncodeToString([]byte(passwd))
|
||||||
|
_, err = c.Request("%s %s", cmdAuthenticate, passwdStr)
|
||||||
|
c.isAuthenticated = err == nil
|
||||||
|
return err
|
||||||
} else {
|
} else {
|
||||||
return newProtocolError("no supported authentication methods")
|
return newProtocolError("no supported authentication methods")
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,8 +26,9 @@ func main() {
|
||||||
// Do not enable in production.
|
// Do not enable in production.
|
||||||
c.Debug(true)
|
c.Debug(true)
|
||||||
|
|
||||||
// Authenticate with the control port.
|
// Authenticate with the control port. The password argument
|
||||||
if err := c.Authenticate(); err != nil {
|
// here can be "" if no password is set (CookieAuth, no auth).
|
||||||
|
if err := c.Authenticate("ExamplePassword"); err != nil {
|
||||||
log.Fatalf("Authentication failed: %v", err)
|
log.Fatalf("Authentication failed: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Reference in New Issue