diff --git a/ChangeLog b/ChangeLog index e2ae4e8d06..e8ffbfd445 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,11 @@ Changes in version 0.2.0.20-?? - 2008-02-?? - Tune parameters for cell pool allocation to minimize amount of RAM overhead used. + o Minor features (controller): + - Add a new __HashedControlSessionPassword option for controllers + to use for one-off session password hashes that shouldn't get + saved to disk by SAVECONF. Partial fix for bug 586. + o Minor bugfixes: - Log the correct memory chunk sizes for empty RAM chunks in mempool.c. - Directory mirrors no longer include a guess at the client's IP diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index 1fdc0ecba4..97f0f4c9ec 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt @@ -1560,3 +1560,8 @@ $Id$ (Boolean. Default: "0".) + __HashedControlSessionPassword + + As HashedControlPassword, but is not saved to the torrc file by + SAVECONF. Added in Tor 0.2.0.20-rc. + diff --git a/src/or/config.c b/src/or/config.c index 4d6e30bb76..3a47f9449e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -306,6 +306,8 @@ static config_var_t _option_vars[] = { VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"), VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"), VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"), + VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword, + NULL), V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"), { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } }; 
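Review bot: The new `__HashedControlSessionPassword` entry in `_option_vars` (src/or/config.c, hunk `@@ -306,6 +306,8`) has no comment saying what keeps it out of SAVECONF, and the whole change depends on that property. Presumably the leading `__` is what the config dumper keys on, as for the neighbouring `__AllDirActionsPrivate` and `__LeaveStreamsUnattached` entries, but nothing in this hunk shows it. I would add `/* "__" prefix: never written by SAVECONF; holds password hashes for this session only */` above the entry, so that a later rename does not silently start persisting the hashes.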
@@ -3155,6 +3157,17 @@ options_validate(or_options_t *old_options, or_options_t *options, } } + if (options->HashedControlSessionPassword) { + smartlist_t *sl = decode_hashed_passwords( + options->HashedControlSessionPassword); + if (!sl) { + REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding"); + } else { + SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp)); + smartlist_free(sl); + } + } + if (options->ControlListenAddress) { int all_are_local = 1; config_line_t *ln; @@ -3163,7 +3176,9 @@ options_validate(or_options_t *old_options, or_options_t *options, all_are_local = 0; } if (!all_are_local) { - if (!options->HashedControlPassword && !options->CookieAuthentication) { + if (!options->HashedControlPassword && + !options->HashedControlSessionPassword && + !options->CookieAuthentication) { log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept " "connections from a non-local address. This means that " "any program on the internet can reconfigure your Tor. " @@ -3179,6 +3194,7 @@ options_validate(or_options_t *old_options, or_options_t *options, } if (options->ControlPort && !options->HashedControlPassword && + !options->HashedControlSessionPassword && !options->CookieAuthentication) { log_warn(LD_CONFIG, "ControlPort is open, but no authentication method " "has been configured. This means that any program on your " diff --git a/src/or/control.c b/src/or/control.c index 220673fe7d..106327cc7d 100644 --- a/src/or/control.c +++ b/src/or/control.c 
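Review bot: Counting `HashedControlSessionPassword` as configured authentication in the two warning conditions (hunks `@@ -3163,7 +3176,9` and `@@ -3179,6 +3194,7`) silences the warning for a credential that, per the ChangeLog entry, SAVECONF does not write out. A torrc saved from such a session would presumably restart with ControlPort open and no password unless the controller supplies the option again, and the warning would only fire at that later start. A comment at both checks would make this explicit, e.g. `/* session password is not persisted; this check fires again after a restart unless another method is set */`. A notice-level log when the session password is the only method configured is also worth considering. The body of options_validate continues outside these hunks.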
@@ -1034,14 +1034,16 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, used_quoted_string = 1; } - if (!options->CookieAuthentication && !options->HashedControlPassword) { + if (!options->CookieAuthentication && !options->HashedControlPassword && + !options->HashedControlSessionPassword) { /* if Tor doesn't demand any stronger authentication, then * the controller can get in with anything. */ goto ok; } if (options->CookieAuthentication) { - int also_password = options->HashedControlPassword != NULL; + int also_password = options->HashedControlPassword != NULL || + options->HashedControlSessionPassword != NULL; if (password_len != AUTHENTICATION_COOKIE_LEN) { if (!also_password) { log_warn(LD_CONTROL, "Got authentication cookie with wrong length " @@ -1062,17 +1064,39 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, } } - if (options->HashedControlPassword) { + if (options->HashedControlPassword || options->HashedControlSessionPassword) { + int bad = 0; + smartlist_t *sl_tmp; char received[DIGEST_LEN]; int also_cookie = options->CookieAuthentication; - sl = decode_hashed_passwords(options->HashedControlPassword); - if (!sl) { + sl = smartlist_create(); + if (options->HashedControlPassword) { + sl_tmp = decode_hashed_passwords(options->HashedControlPassword); + if (!sl_tmp) + bad = 1; + else { + smartlist_add_all(sl, sl_tmp); + smartlist_free(sl_tmp); + } + } + if (options->HashedControlSessionPassword) { + sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword); + if (!sl_tmp) + bad = 1; + else { + smartlist_add_all(sl, sl_tmp); + smartlist_free(sl_tmp); + } + } + if (bad) { if (!also_cookie) { log_warn(LD_CONTROL, "Couldn't decode HashedControlPassword: invalid base16"); errstr="Couldn't decode HashedControlPassword value in configuration."; } bad_password = 1; + SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp)); + smartlist_free(sl); } else { SMARTLIST_FOREACH(sl, char *, expected, { 
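Review bot: In the hunk at `@@ -1062,17 +1064,39`, the `if (bad)` branch still logs and reports only `HashedControlPassword`, although `bad` is now also set when `HashedControlSessionPassword` fails to decode. An operator reading the log would be pointed at the wrong option. Name both, e.g. `"Couldn't decode HashedControlPassword or __HashedControlSessionPassword: invalid base16"` in the log_warn with matching wording in `errstr`, or record which decode failed. The two decode-and-merge blocks are identical apart from the option they read and could share a small static helper. handle_control_authenticate continues past the end of the hunk, so the cleanup of `sl` on the success path is not visible here.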
diff --git a/src/or/or.h b/src/or/or.h index 28c7bfdbd3..5a0a10d502 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2258,6 +2258,8 @@ typedef struct { /** Base64-encoded hash of accepted passwords for the control system. */ config_line_t *HashedControlPassword; + /** As HashedControlPassword, but not saved. */ + config_line_t *HashedControlSessionPassword; int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for * the control system? */
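Review bot: The new field comment `As HashedControlPassword, but not saved.` does not say what it is not saved by or how the field gets set. Something like `/** As HashedControlPassword, but set through __HashedControlSessionPassword and never written to torrc by SAVECONF. */` states the contract. The comment it refers to calls the value Base64-encoded, whereas the decode error in control.c says base16; one of the two looks stale and is worth correcting while here. The struct definition starts and ends outside the hunk.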