diff options
| -rw-r--r-- | doc/TODO | 12 | ||||
| -rw-r--r-- | doc/tor.1.in | 24 | ||||
| -rw-r--r-- | src/or/config.c | 5 |
3 files changed, 36 insertions, 5 deletions
@@ -26,10 +26,11 @@ N - clients now have certs, which means we warn when their certs have R - fix print_usage() - Download and use running-routers R - document signals in man page -N - Document all undocumented configuration options. - - Accounting - - Control interface authentication - - ... ? +N - Check for hibernation on startup, hup, etc. + - Test hibernation a lot. + o Document all undocumented configuration options. + o Accounting + o Control interface authentication N - RPMs o Merge changes from jbash - Figure out versioning @@ -43,6 +44,9 @@ Beyond 0.0.9: - controller should have 'getinfo' command to query about rephist, about rendezvous status, etc. - weasel wants to say 50GB rather than 50000000 in config ints. + - Better hibernation flexibility + - Add hibernation intervals for weeks, days. + - Start at a time other than 0:00 GMT. - allow transition from ORPort to !ORPort, and back R . bandwidth buckets for write as well as read. - Limit to 2 dir, 2 OR, N SOCKS connections per IP. diff --git a/doc/tor.1.in b/doc/tor.1.in index a086948df1..cc827588d8 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -85,6 +85,27 @@ If 1, Tor forks and daemonizes to the background. (Default: 0) .TP \fBUser \fR\fIUID\fP On startup, setuid to this user. +.TP +\fBControlPort \fR\fIPort\fP +If set, Tor will accept connections from the same machine (localhost only) on +this port, and allow those connections to control the Tor process using the +Tor Control Protocol (described in control-spec.txt). Note: unless you also +specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP, +setting this option will cause Tor to allow any process on the local host to +control it. +.TP +\fBHashedControlPassword \fR\fIhashed_password\fP +Don't allow any connections on the control port except when the other process +knows the password whose one-way hash is \fIhashed_password\fP. You can +compute the hash of a password by running "tor --hash-password +\fIpassword\fP". +.TP +\fBCookieAuthentication \fR\fB0\fR|\fB1\fP +If this option is set to 1, don't allow any connections on the control port +except when the connecting process knows the contents of a file named +"control_auth_cookie", which Tor will create in its data directory. This +authentication methods should only be used on systems with good filesystem +security. .SH CLIENT OPTIONS .PP @@ -223,7 +244,8 @@ If you have more than this number of onionskins queued for decrypt, reject new o Declare that this Tor server is controlled or administered by a group or organization identical or similar to that of the other named servers. When two servers both declare that they are in the same 'family', Tor clients -will not use them in the same circuit. +will not use them in the same circuit. (Each server only need to list the +other servers in its family; it doesn't need to list itself.) .TP \fBNickname \fR\fIname\fP Set the server's nickname to 'name'. diff --git a/src/or/config.c b/src/or/config.c index 133dd85183..4fa9eae6a1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1317,6 +1317,11 @@ options_validate(or_options_t *options) result = -1; } } + if (options->HashedControlPassword && options->CookieAuthentication) { + log_fn(LOG_WARN,"Cannot enable both HashedControlPassword and CookieAuthentication"); + result = -1; + } + if (check_nickname_list(options->ExitNodes, "ExitNodes")) result = -1; if (check_nickname_list(options->EntryNodes, "EntryNodes")) |