[tor-commits] [arm/release] fix: cookie size check prevented multi-auth

Sun Apr 29 04:00:58 UTC 2012

commit c4e9bb71f2ce0676e2de7fb40184068bd4f5bc6a
Author: Damian Johnson <atagar at torproject.org>
Date:   Wed Dec 7 08:42:10 2011 -0800

    fix: cookie size check prevented multi-auth
    
    When an exception arose in checking the cookie's size we'd always propegate
    that to the caller. This was a problem with multi-auth because we'd still
    have an alternative method of authentication to attempt (via the password).
---
 src/starter.py |   33 +++++++++++++++++++++++++--------
 1 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/starter.py b/src/starter.py
index 8deb500..3d74315 100644
--- a/src/starter.py
+++ b/src/starter.py
@@ -212,11 +212,19 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i
     
     if TorCtl.TorCtl.AUTH_TYPE.PASSWORD in authTypes:
       # password authentication, promting for the password if it wasn't provided
-      if passphrase: authValue = passphrase
-      else:
-        try: authValue = getpass.getpass("Controller password: ")
+      #
+      # TODO: When handling multi-auth we should try to authenticate via the
+      # cookie first, then fall back to prompting the user for their password.
+      # With the stack of fixes and hacks we have here jerry-rigging that in
+      # without trying cookie auth twice will be a pita so leaving this alone
+      # for now. Stem will handle most of this transparently, letting us handle
+      # this much more elegantly.
+      
+      if not passphrase:
+        try: passphrase = getpass.getpass("Controller password: ")
         except KeyboardInterrupt: return None
-    elif TorCtl.TorCtl.AUTH_TYPE.COOKIE in authTypes and authValue[0] != "/":
+    
+    if TorCtl.TorCtl.AUTH_TYPE.COOKIE in authTypes and authValue[0] != "/":
       # Connecting to the control port will probably fail if it's using cookie
       # authentication and the cookie path is relative (unfortunately this is
       # the case for TBB). This is discussed in:
@@ -253,11 +261,20 @@ def _torCtlConnect(controlAddr="127.0.0.1", controlPort=9051, passphrase=None, i
       #
       # https://trac.torproject.org/projects/tor/ticket/4305
       
-      authCookieSize = os.path.getsize(conn._cookiePath)
-      if authCookieSize != 32:
-        raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize))
+      try:
+        authCookieSize = os.path.getsize(conn._cookiePath)
+        if authCookieSize != 32:
+          raise IOError("authentication cookie '%s' is the wrong size (%i bytes instead of 32)" % (conn._cookiePath, authCookieSize))
+      except Exception, exc:
+        # if the above fails then either...
+        # - raise an exception if cookie auth is the only method we have to
+        #   authenticate
+        # - suppress the exception and try the other connection methods if we
+        #   have alternatives
+        if len(authTypes) == 1: raise exc
+        else: conn._authTypes.remove(TorCtl.TorCtl.AUTH_TYPE.COOKIE)
     
-    conn.authenticate(authValue)
+    conn.authenticate(passphrase)
     return conn
   except Exception, exc:
     if conn: conn.close()



