r14236@tombo: nickm | 2008-02-17 13:44:55 -0500

Partial fix for bug 586: Add an ephemeral __HashedControlSessionPassword.


svn:r13543
This commit is contained in:
Nick Mathewson 2008-02-17 18:45:07 +00:00
parent 4c1e516a09
commit faa56a500b
5 changed files with 58 additions and 6 deletions

View File

@ -13,6 +13,11 @@ Changes in version 0.2.0.20-?? - 2008-02-??
- Tune parameters for cell pool allocation to minimize amount of
RAM overhead used.
o Minor features (controller):
- Add a new __HashedControlSessionPassword option for controllers
to use for one-off session password hashes that shouldn't get
saved to disk by SAVECONF. Partial fix for bug 586.
o Minor bugfixes:
- Log the correct memory chunk sizes for empty RAM chunks in mempool.c.
- Directory mirrors no longer include a guess at the client's IP

View File

@ -1560,3 +1560,8 @@ $Id$
(Boolean. Default: "0".)
__HashedControlSessionPassword
As HashedControlPassword, but is not saved to the torrc file by
SAVECONF. Added in Tor 0.2.0.20-rc.

View File

@ -306,6 +306,8 @@ static config_var_t _option_vars[] = {
VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
NULL),
V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};
@ -3155,6 +3157,17 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
if (options->HashedControlSessionPassword) {
smartlist_t *sl = decode_hashed_passwords(
options->HashedControlSessionPassword);
if (!sl) {
REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
} else {
SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
smartlist_free(sl);
}
}
if (options->ControlListenAddress) {
int all_are_local = 1;
config_line_t *ln;
@ -3163,7 +3176,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
all_are_local = 0;
}
if (!all_are_local) {
if (!options->HashedControlPassword && !options->CookieAuthentication) {
if (!options->HashedControlPassword &&
!options->HashedControlSessionPassword &&
!options->CookieAuthentication) {
log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
"connections from a non-local address. This means that "
"any program on the internet can reconfigure your Tor. "
@ -3179,6 +3194,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
if (options->ControlPort && !options->HashedControlPassword &&
!options->HashedControlSessionPassword &&
!options->CookieAuthentication) {
log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
"has been configured. This means that any program on your "

View File

@ -1034,14 +1034,16 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
used_quoted_string = 1;
}
if (!options->CookieAuthentication && !options->HashedControlPassword) {
if (!options->CookieAuthentication && !options->HashedControlPassword &&
!options->HashedControlSessionPassword) {
/* if Tor doesn't demand any stronger authentication, then
* the controller can get in with anything. */
goto ok;
}
if (options->CookieAuthentication) {
int also_password = options->HashedControlPassword != NULL;
int also_password = options->HashedControlPassword != NULL ||
options->HashedControlSessionPassword != NULL;
if (password_len != AUTHENTICATION_COOKIE_LEN) {
if (!also_password) {
log_warn(LD_CONTROL, "Got authentication cookie with wrong length "
@ -1062,17 +1064,39 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
}
}
if (options->HashedControlPassword) {
if (options->HashedControlPassword || options->HashedControlSessionPassword) {
int bad = 0;
smartlist_t *sl_tmp;
char received[DIGEST_LEN];
int also_cookie = options->CookieAuthentication;
sl = decode_hashed_passwords(options->HashedControlPassword);
if (!sl) {
sl = smartlist_create();
if (options->HashedControlPassword) {
sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
if (!sl_tmp)
bad = 1;
else {
smartlist_add_all(sl, sl_tmp);
smartlist_free(sl_tmp);
}
}
if (options->HashedControlSessionPassword) {
sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword);
if (!sl_tmp)
bad = 1;
else {
smartlist_add_all(sl, sl_tmp);
smartlist_free(sl_tmp);
}
}
if (bad) {
if (!also_cookie) {
log_warn(LD_CONTROL,
"Couldn't decode HashedControlPassword: invalid base16");
errstr="Couldn't decode HashedControlPassword value in configuration.";
}
bad_password = 1;
SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
smartlist_free(sl);
} else {
SMARTLIST_FOREACH(sl, char *, expected,
{

View File

@ -2258,6 +2258,8 @@ typedef struct {
/** Base64-encoded hash of accepted passwords for the control system. */
config_line_t *HashedControlPassword;
/** As HashedControlPassword, but not saved. */
config_line_t *HashedControlSessionPassword;
int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
* the control system? */