Let the users set ControlListenAddress in the torrc.

This can be dangerous, but there are some cases (like a secured
LAN) where it makes sense.


svn:r5997
Roger Dingledine 2006-02-13 06:25:16 +00:00
parent 1181ae61ae
commit 350313d77a
5 changed files with 18 additions and 8 deletions

@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller:
when they feel like it.
- update dir-spec with what we decided for each of these
N - commit edmanm's win32 makefile to tor cvs contrib
o add a GUARD flag to the network-status entries.
o Clients use it. (But not till the directories have upgraded!)
- when logging unknown http headers, this could include bad escape codes?
- more generally, attacker-controller log entries with newlines in them
are dangerous for our users.
- make log entries include function names in win32 again.
- Make "setconf" and "hup" behavior cleaner for LINELIST config
options (e.g. Log). Bug 238.
o Were we going to load unrecognized 'state' variables into some
list somewhere, and write them out whenever we update the state?
To be forwards and backwards compatible.
R - streamline how we define a guard node as 'up'. document it
somewhere.
R - reduce log severity for guard nodes.
@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried.
R - Add config options to not publish and not fetch rend descs.
- Add controller interfaces to hear rend desc events and learn
about rend descs. In base16 I guess for now.
R - let controlport be configurable on other interfaces
o let controlport be configurable on other interfaces
R - look into "uncounting" bytes spent on local connections. so
we can bandwidthrate but still have fast downloads.
N . Clean and future-proof exit policy formats a bit.

@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024)
.LP
.TP
\fBControlPort \fR\fIPort\fP
If set, Tor will accept connections from the same machine (localhost only) on
If set, Tor will accept connections on
this port, and allow those connections to control the Tor process using the
Tor Control Protocol (described in control-spec.txt). Note: unless you also
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
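Review bot: The note that continues after this hunk still says an unauthenticated ControlPort lets "any process on the local host" control Tor, but the ControlPort sentence here no longer limits connections to localhost. Once ControlListenAddress can point at another interface, that note understates the exposure. Suggest rewording it to cover any host that can reach the bound address, and keeping a mention here that the listener binds to 127.0.0.1 unless ControlListenAddress is set.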
@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to
control it.
.LP
.TP
\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
Bind the controller listener to this address. If you specify a port,
bind to this port rather than the one specified in ControlPort. We
strongly recommend that you leave this alone unless you know what you're
doing, since giving attackers access to your control listener is really
dangerous. (Default: 127.0.0.1)
.LP
.TP
\fBHashedControlPassword \fR\fIhashed_password\fP
Don't allow any connections on the control port except when the other process
knows the password whose one-way hash is \fIhashed_password\fP. You can
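Review bot: The new ControlListenAddress entry warns that exposing the control listener is dangerous but does not point the reader to the authentication options documented right next to it. Suggest adding a sentence saying that anyone binding to a non-loopback address should also set HashedControlPassword or CookieAuthentication, since the ControlPort entry states that without one of them no authentication is applied.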

@ -137,6 +137,7 @@ static config_var_t _option_vars[] = {
VAR("ClientOnly", BOOL, ClientOnly, "0"),
VAR("ConnLimit", UINT, ConnLimit, "1024"),
VAR("ContactInfo", STRING, ContactInfo, NULL),
VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL),
VAR("ControlPort", UINT, ControlPort, "0"),
VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"),
VAR("DataDirectory", STRING, DataDirectory, NULL),
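Review bot: ControlListenAddress is declared as a LINELIST here, so it can be given more than once, while the man page entry describes a single IP[:PORT] value. Suggest documenting that multiple lines are accepted and each one opens a listener, so an operator does not leave an old, wider bind in place by adding a second line instead of replacing the first.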
@ -1906,6 +1907,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (options->DirPort == 0 && options->DirListenAddress != NULL)
REJECT("DirPort must be defined if DirListenAddress is defined.");
if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
REJECT("ControlPort must be defined if ControlListenAddress is defined.");
#if 0 /* don't complain, since a standard configuration does this! */
if (options->SocksPort == 0 && options->SocksListenAddress != NULL)
REJECT("SocksPort must be defined if SocksListenAddress is defined.");
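Review bot: The added check in options_validate only rejects ControlListenAddress when ControlPort is 0; there is no check for the case the commit message calls dangerous, a non-loopback ControlListenAddress with neither HashedControlPassword nor CookieAuthentication set. Suggest at least a warning, or a REJECT, for that combination. Separately, the man page says a port given in ControlListenAddress is used instead of ControlPort, yet this check still requires ControlPort to be non-zero in that case; worth documenting or relaxing.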

@ -973,7 +973,8 @@ retry_all_listeners(int force, smartlist_t *replaced_conns,
options->SocksPort, "127.0.0.1", force,
replaced_conns, new_conns)<0)
return -1;
if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, NULL,
if (retry_listeners(CONN_TYPE_CONTROL_LISTENER,
options->ControlListenAddress,
options->ControlPort, "127.0.0.1", force,
replaced_conns, new_conns)<0)
return -1;

@ -1240,6 +1240,8 @@ typedef struct {
config_line_t *ORListenAddress;
/** Addresses to bind for listening for directory connections. */
config_line_t *DirListenAddress;
/** Addresses to bind for listening for control connections. */
config_line_t *ControlListenAddress;
/** Local address to bind outbound sockets */
char *OutboundBindAddress;
/** Directory server only: which versions of