Commit faa56a50 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

r14236@tombo: nickm | 2008-02-17 13:44:55 -0500

 Partial fix for bug 586: Add an ephemeral __HashedControlSessionPassword.


svn:r13543
parent 4c1e516a
......@@ -13,6 +13,11 @@ Changes in version 0.2.0.20-?? - 2008-02-??
- Tune parameters for cell pool allocation to minimize amount of
RAM overhead used.
o Minor features (controller):
- Add a new __HashedControlSessionPassword option for controllers
to use for one-off session password hashes that shouldn't get
saved to disk by SAVECONF. Partial fix for bug 586.
o Minor bugfixes:
- Log the correct memory chunk sizes for empty RAM chunks in mempool.c.
- Directory mirrors no longer include a guess at the client's IP
......
......@@ -1560,3 +1560,8 @@ $Id$
(Boolean. Default: "0".)
__HashedControlSessionPassword
As HashedControlPassword, but is not saved to the torrc file by
SAVECONF. Added in Tor 0.2.0.20-rc.
......@@ -306,6 +306,8 @@ static config_var_t _option_vars[] = {
VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
NULL),
V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};
......@@ -3155,6 +3157,17 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
if (options->HashedControlSessionPassword) {
smartlist_t *sl = decode_hashed_passwords(
options->HashedControlSessionPassword);
if (!sl) {
REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
} else {
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
smartlist_free(sl);
}
}
if (options->ControlListenAddress) {
int all_are_local = 1;
config_line_t *ln;
......@@ -3163,7 +3176,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
all_are_local = 0;
}
if (!all_are_local) {
if (!options->HashedControlPassword && !options->CookieAuthentication) {
if (!options->HashedControlPassword &&
!options->HashedControlSessionPassword &&
!options->CookieAuthentication) {
log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
"connections from a non-local address. This means that "
"any program on the internet can reconfigure your Tor. "
......@@ -3179,6 +3194,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
if (options->ControlPort && !options->HashedControlPassword &&
!options->HashedControlSessionPassword &&
!options->CookieAuthentication) {
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
"has been configured. This means that any program on your "
......
......@@ -1034,14 +1034,16 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
used_quoted_string = 1;
}
if (!options->CookieAuthentication && !options->HashedControlPassword) {
if (!options->CookieAuthentication && !options->HashedControlPassword &&
!options->HashedControlSessionPassword) {
/* if Tor doesn't demand any stronger authentication, then
* the controller can get in with anything. */
goto ok;
}
if (options->CookieAuthentication) {
int also_password = options->HashedControlPassword != NULL;
int also_password = options->HashedControlPassword != NULL ||
options->HashedControlSessionPassword != NULL;
if (password_len != AUTHENTICATION_COOKIE_LEN) {
if (!also_password) {
log_warn(LD_CONTROL, "Got authentication cookie with wrong length "
......@@ -1062,17 +1064,39 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
}
}
if (options->HashedControlPassword) {
if (options->HashedControlPassword || options->HashedControlSessionPassword) {
int bad = 0;
smartlist_t *sl_tmp;
char received[DIGEST_LEN];
int also_cookie = options->CookieAuthentication;
sl = decode_hashed_passwords(options->HashedControlPassword);
if (!sl) {
sl = smartlist_create();
if (options->HashedControlPassword) {
sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
if (!sl_tmp)
bad = 1;
else {
smartlist_add_all(sl, sl_tmp);
smartlist_free(sl_tmp);
}
}
if (options->HashedControlSessionPassword) {
sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword);
if (!sl_tmp)
bad = 1;
else {
smartlist_add_all(sl, sl_tmp);
smartlist_free(sl_tmp);
}
}
if (bad) {
if (!also_cookie) {
log_warn(LD_CONTROL,
"Couldn't decode HashedControlPassword: invalid base16");
errstr="Couldn't decode HashedControlPassword value in configuration.";
}
bad_password = 1;
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
smartlist_free(sl);
} else {
SMARTLIST_FOREACH(sl, char *, expected,
{
......
......@@ -2258,6 +2258,8 @@ typedef struct {
/** Base64-encoded hash of accepted passwords for the control system. */
config_line_t *HashedControlPassword;
/** As HashedControlPassword, but not saved. */
config_line_t *HashedControlSessionPassword;
int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
* the control system? */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment