authorGeorge Kadianakis <desnacked@riseup.net>2013-06-04 20:00:28 +0300
committerNick Mathewson <nickm@torproject.org>2013-08-15 12:03:37 -0400
commit33c3e60a376291faed073dcfb6c9b8a0098572a0 (patch)
tree85c817c417797c276b1a5849493773c5a5285408 /src/or/control.c
parent13784d47536704e8b2fea918ffe4f9bf8c019f88 (diff)
Implement and use a generic auth. cookie initialization function.
Use the generic function for both the ControlPort cookie and the ExtORPort cookie. Also, place the global cookie variables in the heap so that we can pass them around more easily as pointers. Also also, fix the unit tests that were broken by this change. Conflicts: src/or/config.h src/or/ext_orport.c
Diffstat (limited to 'src/or/control.c')
-rw-r--r--src/or/control.c41
1 files changed, 12 insertions, 29 deletions
diff --git a/src/or/control.c b/src/or/control.c
index 3a32ea6873..b6ba12702e 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -115,7 +115,7 @@ static int authentication_cookie_is_set = 0;
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
* and which we're using to authenticate controllers. (If the controller can
* read it off disk, it has permission to connect.) */
-static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];
+static uint8_t *authentication_cookie = NULL;
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
"Tor safe cookie authentication server-to-controller hash"
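Review bot: The cookie is now a heap pointer that starts as NULL, but none of the 12 insertions this commit makes to control.c releases it: the `!enabled` branch in the next hunk only clears `authentication_cookie_is_set`, and no cleanup path is touched. Because this buffer holds the ControlPort authentication secret, it should be wiped before it is freed, e.g. `memwipe(authentication_cookie, 0, AUTHENTICATION_COOKIE_LEN); tor_free(authentication_cookie);` in the module's teardown code. The comment above the declaration could also record the new lifetime, for instance `Heap-allocated; NULL until init_control_cookie_authentication() succeeds, and only meaningful while authentication_cookie_is_set is true.` (worth confirming against the helper, whose body is not shown here). Any remaining use of `sizeof(authentication_cookie)` elsewhere in the file would now silently yield the pointer size, so those readers deserve a quick check.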
@@ -4446,44 +4446,27 @@ get_cookie_file(void)
}
}
-/** Choose a random authentication cookie and write it to disk.
- * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. Return -1 if we can't
- * write the file, or 0 on success. */
+/* Initialize the cookie-based authentication system of the
+ * ControlPort. If <b>enabled</b> is 0, then disable the cookie
+ * authentication system. */
int
init_control_cookie_authentication(int enabled)
{
- char *fname;
+ char *fname = NULL;
+ int retval;
+
if (!enabled) {
authentication_cookie_is_set = 0;
return 0;
}
- /* We don't want to generate a new cookie every time we call
- * options_act(). One should be enough. */
- if (authentication_cookie_is_set)
- return 0; /* all set */
-
fname = get_cookie_file();
- crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
- authentication_cookie_is_set = 1;
- if (write_bytes_to_file(fname, authentication_cookie,
- AUTHENTICATION_COOKIE_LEN, 1)) {
- log_warn(LD_FS,"Error writing authentication cookie to %s.",
- escaped(fname));
- tor_free(fname);
- return -1;
- }
-#ifndef _WIN32
- if (get_options()->CookieAuthFileGroupReadable) {
- if (chmod(fname, 0640)) {
- log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
- }
- }
-#endif
-
+ retval = init_cookie_authentication(fname, "", /* no header */
+ AUTHENTICATION_COOKIE_LEN,
+ &authentication_cookie,
+ &authentication_cookie_is_set);
tor_free(fname);
- return 0;
+ return retval;
}
/** A copy of the process specifier of Tor's owning controller, or
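Review bot: The `CookieAuthFileGroupReadable` handling is removed from `init_control_cookie_authentication()` and nothing visible replaces it: the call to `init_cookie_authentication()` passes only the file name, header, length and the two cookie out-pointers. Unless the helper reads that option itself (its body is not part of this file's diff), the cookie file will no longer be made group-readable, and controllers that rely on group access would fail to authenticate; consider passing the option through as an argument, or keeping the `#ifndef _WIN32` `chmod(fname, 0640)` block after the call, run only when `retval == 0`. The dropped `if (authentication_cookie_is_set) return 0;` guard raises the same question: the helper presumably has to check the flag it receives through `&authentication_cookie_is_set`, otherwise every `options_act()` pass would regenerate the cookie under already-connected controllers. The replacement comment also opens with `/*` rather than `/**` and no longer states the return contract or who is authorized by the cookie; if the helper keeps the old contract, `Return 0 on success, -1 if the cookie file cannot be written.` would restore it.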