r14236@tombo: nickm | 2008-02-17 13:44:55 -0500
Partial fix for bug 586: Add an ephemeral __HashedControlSessionPassword. svn:r13543
This commit is contained in:
Nick Mathewson
parent
4c1e516a09
commit
faa56a500b
|
|
@ -13,6 +13,11 @@ Changes in version 0.2.0.20-?? - 2008-02-??
|
|||
- Tune parameters for cell pool allocation to minimize amount of
|
||||
RAM overhead used.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add a new __HashedControlSessionPassword option for controllers
|
||||
to use for one-off session password hashes that shouldn't get
|
||||
saved to disk by SAVECONF. Partial fix for bug 586.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Log the correct memory chunk sizes for empty RAM chunks in mempool.c.
|
||||
- Directory mirrors no longer include a guess at the client's IP
|
||||
|
|
|
|||
|
|
@ -1560,3 +1560,8 @@ $Id$
|
|||
|
||||
(Boolean. Default: "0".)
|
||||
|
||||
__HashedControlSessionPassword
|
||||
|
||||
As HashedControlPassword, but is not saved to the torrc file by
|
||||
SAVECONF. Added in Tor 0.2.0.20-rc.
|
||||
|
||||
|
|
|
|||
|
|
@ -306,6 +306,8 @@ static config_var_t _option_vars[] = {
|
|||
VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
|
||||
VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
|
||||
VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
|
||||
VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
|
||||
NULL),
|
||||
V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
|
||||
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
|
||||
};
|
||||
|
|
@ -3155,6 +3157,17 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
}
|
||||
}
|
||||
|
||||
if (options->HashedControlSessionPassword) {
|
||||
smartlist_t *sl = decode_hashed_passwords(
|
||||
options->HashedControlSessionPassword);
|
||||
if (!sl) {
|
||||
REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
|
||||
} else {
|
||||
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
|
||||
smartlist_free(sl);
|
||||
}
|
||||
}
|
||||
|
||||
if (options->ControlListenAddress) {
|
||||
int all_are_local = 1;
|
||||
config_line_t *ln;
|
||||
|
|
@ -3163,7 +3176,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
all_are_local = 0;
|
||||
}
|
||||
if (!all_are_local) {
|
||||
if (!options->HashedControlPassword && !options->CookieAuthentication) {
|
||||
if (!options->HashedControlPassword &&
|
||||
!options->HashedControlSessionPassword &&
|
||||
!options->CookieAuthentication) {
|
||||
log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
|
||||
"connections from a non-local address. This means that "
|
||||
"any program on the internet can reconfigure your Tor. "
|
||||
|
|
@ -3179,6 +3194,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
}
|
||||
|
||||
if (options->ControlPort && !options->HashedControlPassword &&
|
||||
!options->HashedControlSessionPassword &&
|
||||
!options->CookieAuthentication) {
|
||||
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
|
||||
"has been configured. This means that any program on your "
|
||||
|
|
|
|||
|
|
@ -1034,14 +1034,16 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
|
|||
used_quoted_string = 1;
|
||||
}
|
||||
|
||||
if (!options->CookieAuthentication && !options->HashedControlPassword) {
|
||||
if (!options->CookieAuthentication && !options->HashedControlPassword &&
|
||||
!options->HashedControlSessionPassword) {
|
||||
/* if Tor doesn't demand any stronger authentication, then
|
||||
* the controller can get in with anything. */
|
||||
goto ok;
|
||||
}
|
||||
|
||||
if (options->CookieAuthentication) {
|
||||
int also_password = options->HashedControlPassword != NULL;
|
||||
int also_password = options->HashedControlPassword != NULL ||
|
||||
options->HashedControlSessionPassword != NULL;
|
||||
if (password_len != AUTHENTICATION_COOKIE_LEN) {
|
||||
if (!also_password) {
|
||||
log_warn(LD_CONTROL, "Got authentication cookie with wrong length "
|
||||
|
|
@ -1062,17 +1064,39 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
|
|||
}
|
||||
}
|
||||
|
||||
if (options->HashedControlPassword) {
|
||||
if (options->HashedControlPassword || options->HashedControlSessionPassword) {
|
||||
int bad = 0;
|
||||
smartlist_t *sl_tmp;
|
||||
char received[DIGEST_LEN];
|
||||
int also_cookie = options->CookieAuthentication;
|
||||
sl = decode_hashed_passwords(options->HashedControlPassword);
|
||||
if (!sl) {
|
||||
sl = smartlist_create();
|
||||
if (options->HashedControlPassword) {
|
||||
sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
|
||||
if (!sl_tmp)
|
||||
bad = 1;
|
||||
else {
|
||||
smartlist_add_all(sl, sl_tmp);
|
||||
smartlist_free(sl_tmp);
|
||||
}
|
||||
}
|
||||
if (options->HashedControlSessionPassword) {
|
||||
sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword);
|
||||
if (!sl_tmp)
|
||||
bad = 1;
|
||||
else {
|
||||
smartlist_add_all(sl, sl_tmp);
|
||||
smartlist_free(sl_tmp);
|
||||
}
|
||||
}
|
||||
if (bad) {
|
||||
if (!also_cookie) {
|
||||
log_warn(LD_CONTROL,
|
||||
"Couldn't decode HashedControlPassword: invalid base16");
|
||||
errstr="Couldn't decode HashedControlPassword value in configuration.";
|
||||
}
|
||||
bad_password = 1;
|
||||
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
|
||||
smartlist_free(sl);
|
||||
} else {
|
||||
SMARTLIST_FOREACH(sl, char *, expected,
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2258,6 +2258,8 @@ typedef struct {
|
|||
|
||||
/** Base64-encoded hash of accepted passwords for the control system. */
|
||||
config_line_t *HashedControlPassword;
|
||||
/** As HashedControlPassword, but not saved. */
|
||||
config_line_t *HashedControlSessionPassword;
|
||||
|
||||
int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
|
||||
* the control system? */
|
||||
|
|
|
|||
Loading…
Reference in New Issue