[tor-commits] [arm/master] fix: cookie size check prevented multi-auth
atagar at torproject.org
atagar at torproject.org
Wed Dec 7 17:22:49 UTC 2011
commit c4e9bb71f2ce0676e2de7fb40184068bd4f5bc6a
Author: Damian Johnson <atagar at torproject.org>
Date: Wed Dec 7 08:42:10 2011 -0800
fix: cookie size check prevented multi-auth
When an exception arose in checking the cookie's size we'd always propagate
that to the caller. This was a problem with multi-auth because we'd still
have an alternative method of authentication to attempt (via the password).
---
src/starter.py | 33 +++++++++++++++++++++++++--------
1 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/starter.py b/src/starter.py
index 8deb500..3d74315 100644
--- a/src/starter.py
+++ b/src/starter.py
@@ -212,11 +212,19 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i
if TorCtl.TorCtl.AUTH_TYPE.PASSWORD in authTypes:
# password authentication, promting for the password if it wasn't provided
- if passphrase: authValue = passphrase
- else:
- try: authValue = getpass.getpass("Controller password: ")
+ #
+ # TODO: When handling multi-auth we should try to authenticate via the
+ # cookie first, then fall back to prompting the user for their password.
+ # With the stack of fixes and hacks we have here jerry-rigging that in
+ # without trying cookie auth twice will be a pita so leaving this alone
+ # for now. Stem will handle most of this transparently, letting us handle
+ # this much more elegantly.
+
+ if not passphrase:
+ try: passphrase = getpass.getpass("Controller password: ")
except KeyboardInterrupt: return None
- elif TorCtl.TorCtl.AUTH_TYPE.COOKIE in authTypes and authValue[0] != "/":
+
+ if TorCtl.TorCtl.AUTH_TYPE.COOKIE in authTypes and authValue[0] != "/":
# Connecting to the control port will probably fail if it's using cookie
# authentication and the cookie path is relative (unfortunately this is
# the case for TBB). This is discussed in:
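Review bot: The cookie-path test on the new `if` line still indexes `authValue[0]`, but the password branch above it no longer assigns `authValue`, and with multi-auth both branches now run in sequence. Whatever `authValue` holds comes from code outside this hunk; if it can be empty or `None` when the cookie path is unknown, the index raises before any authentication is attempted. Guarding the test as `if TorCtl.TorCtl.AUTH_TYPE.COOKIE in authTypes and authValue and authValue[0] != "/":` would avoid that. The prompt also catches only `KeyboardInterrupt`, so an `EOFError` from `getpass.getpass` on a closed stdin would leave this block uncaught; whether an outer handler in `_torCtlConnect` deals with it cannot be seen from here, since the function starts and ends outside the hunk.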
@@ -253,11 +261,20 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i
#
# https://trac.torproject.org/projects/tor/ticket/4305
- authCookieSize = os.path.getsize(conn._cookiePath)
- if authCookieSize != 32:
- raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize))
+ try:
+ authCookieSize = os.path.getsize(conn._cookiePath)
+ if authCookieSize != 32:
+ raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize))
+ except Exception, exc:
+ # if the above fails then either...
+ # - raise an exception if cookie auth is the only method we have to
+ # authenticate
+ # - suppress the exception and try the other connection methods if we
+ # have alternatives
+ if len(authTypes) == 1: raise exc
+ else: conn._authTypes.remove(TorCtl.TorCtl.AUTH_TYPE.COOKIE)
- conn.authenticate(authValue)
+ conn.authenticate(passphrase)
return conn
except Exception, exc:
if conn: conn.close()
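Review bot: The new `except Exception, exc:` around the cookie size check discards a failed check without any trace when another auth method is available, so a cookie file of the wrong size (the condition the comment above links to ticket 4305) now leads straight to `conn.authenticate(passphrase)` with the user's password and no warning. Emit a warning carrying the caught message before removing COOKIE from `conn._authTypes`, and narrow the handler to what the block can raise, `except (IOError, OSError), exc:`. `raise exc` also resets the traceback in Python 2, whereas a bare `raise` keeps the original one. The decision is made on `len(authTypes)` while the removal is applied to `conn._authTypes`; if those are separate lists they can disagree, which cannot be confirmed from this hunk because the enclosing function begins outside it.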