diff options
author | George Kadianakis <desnacked@riseup.net> | 2012-12-05 18:38:42 +0200 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-07-18 14:59:56 -0400 |
commit | 93b9f85d410aba1202b72e169ce386c783136b26 (patch) | |
tree | 27f9b06481a7a4d15a81665cfbd251f00cb14aca /src | |
parent | d303228ecae1d4c5d9a242b12a4546366544a170 (diff) | |
download | tor-93b9f85d410aba1202b72e169ce386c783136b26.tar.gz tor-93b9f85d410aba1202b72e169ce386c783136b26.zip |
Prepare codebase for the implementation of Extended ORPort auth.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/connection.c | 10 | ||||
-rw-r--r-- | src/or/or.h | 28 |
2 files changed, 30 insertions, 8 deletions
diff --git a/src/or/connection.c b/src/or/connection.c index ad8e39c9a1..9aea501cf6 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -170,6 +170,12 @@ conn_state_to_string(int type, int state) break; case CONN_TYPE_EXT_OR: switch (state) { + case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE: + return "waiting for authentication type"; + case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE: + return "waiting for client nonce"; + case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH: + return "waiting for client hash"; case EXT_OR_CONN_STATE_OPEN: return "open"; case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY"; } @@ -1398,8 +1404,7 @@ connection_init_accepted_conn(connection_t *conn, switch (conn->type) { case CONN_TYPE_EXT_OR: - conn->state = EXT_OR_CONN_STATE_OPEN; - break; + return connection_ext_or_start_auth(TO_OR_CONN(conn)); case CONN_TYPE_OR: control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0); rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1); @@ -4450,6 +4455,7 @@ assert_connection_ok(connection_t *conn, time_t now) case CONN_TYPE_OR: tor_assert(conn->state >= OR_CONN_STATE_MIN_); tor_assert(conn->state <= OR_CONN_STATE_MAX_); + break; case CONN_TYPE_EXT_OR: tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_); tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_); diff --git a/src/or/or.h b/src/or/or.h index e81d7a902d..63d137cf15 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -315,14 +315,24 @@ typedef enum { #define OR_CONN_STATE_OPEN 8 #define OR_CONN_STATE_MAX_ 8 -/** States of Extended ORPort. */ +/** States of the Extended ORPort protocol. Be careful before changing + * the numbers: they matter. */ #define EXT_OR_CONN_STATE_MIN_ 1 -/** Extended ORPort just launched, and is accepting connections. */ -#define EXT_OR_CONN_STATE_OPEN 1 +/** Extended ORPort authentication is waiting for the authentication + * type selected by the client. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1 +/** Extended ORPort authentication is waiting for the client nonce. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2 +/** Extended ORPort authentication is waiting for the client hash. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3 +#define EXT_OR_CONN_STATE_AUTH_MAX 3 +/** Authentication finished and the Extended ORPort is now accepting + * traffic. */ +#define EXT_OR_CONN_STATE_OPEN 4 /** Extended ORPort is flushing its last messages and preparing to * start accepting OR connections. */ -#define EXT_OR_CONN_STATE_FLUSHING 2 -#define EXT_OR_CONN_STATE_MAX_ 2 +#define EXT_OR_CONN_STATE_FLUSHING 5 +#define EXT_OR_CONN_STATE_MAX_ 5 #define EXIT_CONN_STATE_MIN_ 1 /** State for an exit connection: waiting for response from DNS farm. */ @@ -1440,6 +1450,9 @@ typedef struct or_connection_t { char identity_digest[DIGEST_LEN]; /** Extended ORPort connection identifier. */ char *ext_or_conn_id; + /** Client hash of the Extended ORPort authentication scheme */ + char *ext_or_auth_correct_client_hash; + char *nickname; /**< Nickname of OR on other side (if any). */ tor_tls_t *tls; /**< TLS connection state. */ @@ -3771,7 +3784,10 @@ typedef struct { int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for * the control system? */ - char *CookieAuthFile; /**< Location of a cookie authentication file. */ + char *CookieAuthFile; /**< Filesystem location of a ControlPort + * authentication cookie. */ + char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended + * ORPort authentication cookie. */ int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */ int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to * circuits itself (0), or does it expect a controller |