Loading src/cli/controller.py +4 −0 Original line number Original line Diff line number Diff line Loading @@ -552,6 +552,10 @@ class TorManager: if authType == TorCtl.AUTH_TYPE.COOKIE: if authType == TorCtl.AUTH_TYPE.COOKIE: try: try: authCookieSize = os.path.getsize(authValue) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (authValue, authCookieSize)) torctlConn.authenticate(authValue) torctlConn.authenticate(authValue) torTools.getConn().init(torctlConn) torTools.getConn().init(torctlConn) except Exception, exc: except Exception, exc: Loading src/cli/headerPanel.py +10 −0 Original line number Original line Diff line number Diff line Loading @@ -146,6 +146,12 @@ class HeaderPanel(panel.Panel, threading.Thread): cli.popups.showMsg("Unable to reconnect (socket '%s' doesn't exist)" % self._config["startup.interface.socket"], 3) cli.popups.showMsg("Unable to reconnect (socket '%s' doesn't exist)" % self._config["startup.interface.socket"], 3) if not torctlConn and allowPortConnection: if not torctlConn and allowPortConnection: # TODO: This has diverged from starter.py's connection, for instance it # doesn't account for relative cookie paths or multiple authentication # methods. We can't use the starter.py's connection function directly # due to password prompts, but we could certainly make this mess more # manageable. try: try: ctlAddr, ctlPort = self._config["startup.interface.ipAddress"], self._config["startup.interface.port"] ctlAddr, ctlPort = self._config["startup.interface.ipAddress"], self._config["startup.interface.port"] tmpConn, authType, authValue = TorCtl.TorCtl.preauth_connect(ctlAddr, ctlPort) tmpConn, authType, authValue = TorCtl.TorCtl.preauth_connect(ctlAddr, ctlPort) Loading 
@@ -153,6 +159,10 @@ class HeaderPanel(panel.Panel, threading.Thread): if authType == TorCtl.TorCtl.AUTH_TYPE.PASSWORD: if authType == TorCtl.TorCtl.AUTH_TYPE.PASSWORD: authValue = cli.popups.inputPrompt("Controller Password: ") authValue = cli.popups.inputPrompt("Controller Password: ") if not authValue: raise IOError() # cancel reconnection if not authValue: raise IOError() # cancel reconnection elif authType == TorCtl.TorCtl.AUTH_TYPE.COOKIE: authCookieSize = os.path.getsize(authValue) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (authValue, authCookieSize)) tmpConn.authenticate(authValue) tmpConn.authenticate(authValue) torctlConn = tmpConn torctlConn = tmpConn Loading src/starter.py +13 −0 Original line number Original line Diff line number Diff line Loading @@ -244,6 +244,19 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i conn._cookiePath = os.path.join(pathPrefix, pathSuffix) conn._cookiePath = os.path.join(pathPrefix, pathSuffix) # Abort if the file isn't 32 bytes long. This is to avoid exposing # arbitrary file content to the port. # # Without this a malicious socket could, for instance, claim that # '~/.bash_history' or '~/.ssh/id_rsa' was its authentication cookie to # trick us into reading it for them with our current permissions. # # https://trac.torproject.org/projects/tor/ticket/4305 authCookieSize = os.path.getsize(conn._cookiePath) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize)) conn.authenticate(authValue) conn.authenticate(authValue) return conn return conn except Exception, exc: except Exception, exc: Loading src/util/torConfig.py +8 −0 Original line number Original line Diff line number Diff line Loading 
@@ -580,6 +580,14 @@ def validate(contents = None): # checks if any custom options are missing from the torrc # checks if any custom options are missing from the torrc for option in customOptions: for option in customOptions: # In new versions the 'DirReqStatistics' option is true by default and # disabled on startup if geoip lookups are unavailable. If this option is # missing then that's most likely the reason. # # https://trac.torproject.org/projects/tor/ticket/4237 if option == "DirReqStatistics": continue if not option in seenOptions: if not option in seenOptions: issuesFound.append((None, ValidationError.MISSING, option)) issuesFound.append((None, ValidationError.MISSING, option)) Loading Loading
src/cli/controller.py +4 −0 Original line number Original line Diff line number Diff line Loading @@ -552,6 +552,10 @@ class TorManager: if authType == TorCtl.AUTH_TYPE.COOKIE: if authType == TorCtl.AUTH_TYPE.COOKIE: try: try: authCookieSize = os.path.getsize(authValue) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (authValue, authCookieSize)) torctlConn.authenticate(authValue) torctlConn.authenticate(authValue) torTools.getConn().init(torctlConn) torTools.getConn().init(torctlConn) except Exception, exc: except Exception, exc: Loading
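Review bot: The size check added to TorManager's COOKIE branch carries no comment saying why 32 bytes matters, and the same three lines are repeated in src/cli/headerPanel.py and src/starter.py, where only starter.py explains the reason. A one-line comment here, for example `# refuse cookies that aren't 32 bytes so the control port can't have us send it an arbitrary file (tor ticket 4305)`, would stop the guard from being removed as noise, and a shared helper would keep the three copies and the literal `32` from drifting apart. The check also measures the path before `torctlConn.authenticate(authValue)` runs; if `authenticate` reopens the file by path (not visible in this hunk), the bytes sent are not guaranteed to be the bytes measured, so reading the file once and checking the length of what was read would be the tighter form. The enclosing `try` starts and ends outside the hunk.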
src/cli/headerPanel.py +10 −0 Original line number Original line Diff line number Diff line Loading @@ -146,6 +146,12 @@ class HeaderPanel(panel.Panel, threading.Thread): cli.popups.showMsg("Unable to reconnect (socket '%s' doesn't exist)" % self._config["startup.interface.socket"], 3) cli.popups.showMsg("Unable to reconnect (socket '%s' doesn't exist)" % self._config["startup.interface.socket"], 3) if not torctlConn and allowPortConnection: if not torctlConn and allowPortConnection: # TODO: This has diverged from starter.py's connection, for instance it # doesn't account for relative cookie paths or multiple authentication # methods. We can't use the starter.py's connection function directly # due to password prompts, but we could certainly make this mess more # manageable. try: try: ctlAddr, ctlPort = self._config["startup.interface.ipAddress"], self._config["startup.interface.port"] ctlAddr, ctlPort = self._config["startup.interface.ipAddress"], self._config["startup.interface.port"] tmpConn, authType, authValue = TorCtl.TorCtl.preauth_connect(ctlAddr, ctlPort) tmpConn, authType, authValue = TorCtl.TorCtl.preauth_connect(ctlAddr, ctlPort) Loading @@ -153,6 +159,10 @@ class HeaderPanel(panel.Panel, threading.Thread): if authType == TorCtl.TorCtl.AUTH_TYPE.PASSWORD: if authType == TorCtl.TorCtl.AUTH_TYPE.PASSWORD: authValue = cli.popups.inputPrompt("Controller Password: ") authValue = cli.popups.inputPrompt("Controller Password: ") if not authValue: raise IOError() # cancel reconnection if not authValue: raise IOError() # cancel reconnection elif authType == TorCtl.TorCtl.AUTH_TYPE.COOKIE: authCookieSize = os.path.getsize(authValue) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (authValue, authCookieSize)) tmpConn.authenticate(authValue) tmpConn.authenticate(authValue) torctlConn = tmpConn torctlConn = tmpConn Loading
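Review bot: The new `elif authType == TorCtl.TorCtl.AUTH_TYPE.COOKIE:` branch calls `os.path.getsize(authValue)` on the path exactly as it came back from `preauth_connect`, while the TODO added in the first hunk of this same file states that this reconnect path does not handle relative cookie paths. With a relative path the size check would resolve against arm's working directory, so it either raises for a missing file or measures a file other than the one later read. starter.py builds `conn._cookiePath` with `os.path.join(pathPrefix, pathSuffix)` before measuring, and the same resolution should happen here before the check. It would also help to note in a comment that a failed check surfaces as an `IOError` with a message, whereas the password-cancel path just above raises a bare `IOError()`. The handler that receives both is outside the hunk.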
src/starter.py +13 −0 Original line number Original line Diff line number Diff line Loading @@ -244,6 +244,19 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i conn._cookiePath = os.path.join(pathPrefix, pathSuffix) conn._cookiePath = os.path.join(pathPrefix, pathSuffix) # Abort if the file isn't 32 bytes long. This is to avoid exposing # arbitrary file content to the port. # # Without this a malicious socket could, for instance, claim that # '~/.bash_history' or '~/.ssh/id_rsa' was its authentication cookie to # trick us into reading it for them with our current permissions. # # https://trac.torproject.org/projects/tor/ticket/4305 authCookieSize = os.path.getsize(conn._cookiePath) if authCookieSize != 32: raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize)) conn.authenticate(authValue) conn.authenticate(authValue) return conn return conn except Exception, exc: except Exception, exc: Loading
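Review bot: In `_torCtlConnect` the size check measures `conn._cookiePath`, but the call that follows is `conn.authenticate(authValue)`, and the hunk does not show that these name the same file. If `authValue` can still hold the unresolved path reported by the control port, the file that is checked and the file that is read would differ, which defeats the guard. Either pass the checked path explicitly or add a comment such as `# authenticate() reads conn._cookiePath, which is the file checked above` once that is confirmed. The comment block could also say that the check only narrows the exposure: any file that happens to be exactly 32 bytes long is still sent, which a challenge-response method such as Tor's SAFECOOKIE avoids where it is available. The function body continues outside the hunk.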
src/util/torConfig.py +8 −0 Original line number Original line Diff line number Diff line Loading @@ -580,6 +580,14 @@ def validate(contents = None): # checks if any custom options are missing from the torrc # checks if any custom options are missing from the torrc for option in customOptions: for option in customOptions: # In new versions the 'DirReqStatistics' option is true by default and # disabled on startup if geoip lookups are unavailable. If this option is # missing then that's most likely the reason. # # https://trac.torproject.org/projects/tor/ticket/4237 if option == "DirReqStatistics": continue if not option in seenOptions: if not option in seenOptions: issuesFound.append((None, ValidationError.MISSING, option)) issuesFound.append((None, ValidationError.MISSING, option)) Loading
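Review bot: The added `if option == "DirReqStatistics": continue` in `validate` is unconditional, so a `DirReqStatistics` entry that is genuinely missing from the torrc is no longer reported as `ValidationError.MISSING`. That holds on any Tor version, not only on the newer ones the comment describes. If the running Tor version or geoip availability can be queried at this point (not visible in the hunk), gating the skip on that would keep the warning where it is still meaningful. Otherwise the comment should state that the warning is suppressed for this option in all cases. A module-level collection of ignored option names would also read better than a string comparison inside the loop if more exceptions are expected. The loop body continues outside the hunk.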