Loading doc/TODO +1 −6 Original line number Diff line number Diff line Loading @@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller: when they feel like it. - update dir-spec with what we decided for each of these N - commit edmanm's win32 makefile to tor cvs contrib o add a GUARD flag to the network-status entries. o Clients use it. (But not till the directories have upgraded!) - when logging unknown http headers, this could include bad escape codes? - more generally, attacker-controller log entries with newlines in them are dangerous for our users. - make log entries include function names in win32 again. - Make "setconf" and "hup" behavior cleaner for LINELIST config options (e.g. Log). Bug 238. o Were we going to load unrecognized 'state' variables into some list somewhere, and write them out whenever we update the state? To be forwards and backwards compatible. R - streamline how we define a guard node as 'up'. document it somewhere. R - reduce log severity for guard nodes. Loading @@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried. R - Add config options to not publish and not fetch rend descs. - Add controller interfaces to hear rend desc events and learn about rend descs. In base16 I guess for now. R - let controlport be configurable on other interfaces o let controlport be configurable on other interfaces R - look into "uncounting" bytes spent on local connections. so we can bandwidthrate but still have fast downloads. N . Clean and future-proof exit policy formats a bit. Loading doc/tor.1.in +9 −1 Original line number Diff line number Diff line Loading 
@@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024) .LP .TP \fBControlPort \fR\fIPort\fP If set, Tor will accept connections from the same machine (localhost only) on If set, Tor will accept connections on this port, and allow those connections to control the Tor process using the Tor Control Protocol (described in control-spec.txt). Note: unless you also specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP, Loading @@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to control it. .LP .TP \fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP Bind the controller listener to this address. If you specify a port, bind to this port rather than the one specified in ControlPort. We strongly recommend that you leave this alone unless you know what you're doing, since giving attackers access to your control listener is really dangerous. (Default: 127.0.0.1) .LP .TP \fBHashedControlPassword \fR\fIhashed_password\fP Don't allow any connections on the control port except when the other process knows the password whose one-way hash is \fIhashed_password\fP. You can Loading src/or/config.c +4 −0 Original line number Diff line number Diff line Loading @@ -137,6 +137,7 @@ static config_var_t _option_vars[] = { VAR("ClientOnly", BOOL, ClientOnly, "0"), VAR("ConnLimit", UINT, ConnLimit, "1024"), VAR("ContactInfo", STRING, ContactInfo, NULL), VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL), VAR("ControlPort", UINT, ControlPort, "0"), VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"), VAR("DataDirectory", STRING, DataDirectory, NULL), Loading Loading 
@@ -1906,6 +1907,9 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->DirPort == 0 && options->DirListenAddress != NULL) REJECT("DirPort must be defined if DirListenAddress is defined."); if (options->ControlPort == 0 && options->ControlListenAddress != NULL) REJECT("ControlPort must be defined if ControlListenAddress is defined."); #if 0 /* don't complain, since a standard configuration does this! */ if (options->SocksPort == 0 && options->SocksListenAddress != NULL) REJECT("SocksPort must be defined if SocksListenAddress is defined."); Loading src/or/connection.c +2 −1 Original line number Diff line number Diff line Loading @@ -973,7 +973,8 @@ retry_all_listeners(int force, smartlist_t *replaced_conns, options->SocksPort, "127.0.0.1", force, replaced_conns, new_conns)<0) return -1; if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, NULL, if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, options->ControlListenAddress, options->ControlPort, "127.0.0.1", force, replaced_conns, new_conns)<0) return -1; Loading src/or/or.h +2 −0 Original line number Diff line number Diff line Loading @@ -1240,6 +1240,8 @@ typedef struct { config_line_t *ORListenAddress; /** Addresses to bind for listening for directory connections. */ config_line_t *DirListenAddress; /** Addresses to bind for listening for control connections. */ config_line_t *ControlListenAddress; /** Local address to bind outbound sockets */ char *OutboundBindAddress; /** Directory server only: which versions of Loading Loading
doc/TODO +1 −6 Original line number Diff line number Diff line Loading @@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller: when they feel like it. - update dir-spec with what we decided for each of these N - commit edmanm's win32 makefile to tor cvs contrib o add a GUARD flag to the network-status entries. o Clients use it. (But not till the directories have upgraded!) - when logging unknown http headers, this could include bad escape codes? - more generally, attacker-controller log entries with newlines in them are dangerous for our users. - make log entries include function names in win32 again. - Make "setconf" and "hup" behavior cleaner for LINELIST config options (e.g. Log). Bug 238. o Were we going to load unrecognized 'state' variables into some list somewhere, and write them out whenever we update the state? To be forwards and backwards compatible. R - streamline how we define a guard node as 'up'. document it somewhere. R - reduce log severity for guard nodes. Loading @@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried. R - Add config options to not publish and not fetch rend descs. - Add controller interfaces to hear rend desc events and learn about rend descs. In base16 I guess for now. R - let controlport be configurable on other interfaces o let controlport be configurable on other interfaces R - look into "uncounting" bytes spent on local connections. so we can bandwidthrate but still have fast downloads. N . Clean and future-proof exit policy formats a bit. Loading
doc/tor.1.in +9 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024) .LP .TP \fBControlPort \fR\fIPort\fP If set, Tor will accept connections from the same machine (localhost only) on If set, Tor will accept connections on this port, and allow those connections to control the Tor process using the Tor Control Protocol (described in control-spec.txt). Note: unless you also specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP, Loading @@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to control it. .LP .TP \fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP Bind the controller listener to this address. If you specify a port, bind to this port rather than the one specified in ControlPort. We strongly recommend that you leave this alone unless you know what you're doing, since giving attackers access to your control listener is really dangerous. (Default: 127.0.0.1) .LP .TP \fBHashedControlPassword \fR\fIhashed_password\fP Don't allow any connections on the control port except when the other process knows the password whose one-way hash is \fIhashed_password\fP. You can Loading
src/or/config.c +4 −0 Original line number Diff line number Diff line Loading @@ -137,6 +137,7 @@ static config_var_t _option_vars[] = { VAR("ClientOnly", BOOL, ClientOnly, "0"), VAR("ConnLimit", UINT, ConnLimit, "1024"), VAR("ContactInfo", STRING, ContactInfo, NULL), VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL), VAR("ControlPort", UINT, ControlPort, "0"), VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"), VAR("DataDirectory", STRING, DataDirectory, NULL), Loading Loading @@ -1906,6 +1907,9 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->DirPort == 0 && options->DirListenAddress != NULL) REJECT("DirPort must be defined if DirListenAddress is defined."); if (options->ControlPort == 0 && options->ControlListenAddress != NULL) REJECT("ControlPort must be defined if ControlListenAddress is defined."); #if 0 /* don't complain, since a standard configuration does this! */ if (options->SocksPort == 0 && options->SocksListenAddress != NULL) REJECT("SocksPort must be defined if SocksListenAddress is defined."); Loading
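Review bot: The new check in options_validate only rejects ControlListenAddress when ControlPort is 0; nothing in the hunk ties the option to controller authentication. The ControlPort man-page text in this same commit warns that without HashedControlPassword or CookieAuthentication any process on the local host can control Tor, and with a non-loopback ControlListenAddress that exposure would presumably extend to anything that can reach the address. I would add a second check next to the new one, for example `if (options->ControlListenAddress && !options->HashedControlPassword && !options->CookieAuthentication) REJECT("ControlListenAddress requires HashedControlPassword or CookieAuthentication.");` (assuming the struct fields are named like the options). If an explicit 127.0.0.1 entry should stay allowed without authentication, a warning restricted to non-loopback addresses would do instead. The body of options_validate continues outside the hunk, so an existing check elsewhere cannot be ruled out from here.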
src/or/connection.c +2 −1 Original line number Diff line number Diff line Loading @@ -973,7 +973,8 @@ retry_all_listeners(int force, smartlist_t *replaced_conns, options->SocksPort, "127.0.0.1", force, replaced_conns, new_conns)<0) return -1; if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, NULL, if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, options->ControlListenAddress, options->ControlPort, "127.0.0.1", force, replaced_conns, new_conns)<0) return -1; Loading
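Review bot: The changed retry_listeners call for CONN_TYPE_CONTROL_LISTENER has no comment saying that the "127.0.0.1" argument is now only a fallback. Judging by the Socks listener call just above it, that literal is the default bind address used when the configured list is NULL, so once ControlListenAddress is set the control listener is no longer guaranteed to be loopback-only. I would put a comment above the call such as `/* Control listener: 127.0.0.1 is used only when ControlListenAddress is unset; any other address exposes the control protocol beyond this host. */`. retry_all_listeners starts and ends outside the hunk, and retry_listeners itself is not visible here, so the fallback behaviour should be confirmed against its definition.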
src/or/or.h +2 −0 Original line number Diff line number Diff line Loading @@ -1240,6 +1240,8 @@ typedef struct { config_line_t *ORListenAddress; /** Addresses to bind for listening for directory connections. */ config_line_t *DirListenAddress; /** Addresses to bind for listening for control connections. */ config_line_t *ControlListenAddress; /** Local address to bind outbound sockets */ char *OutboundBindAddress; /** Directory server only: which versions of Loading