-rw-r--r--src/or/connection.c10
-rw-r--r--src/or/or.h28
2 files changed, 30 insertions, 8 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index ad8e39c9a1..9aea501cf6 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -170,6 +170,12 @@ conn_state_to_string(int type, int state)
break;
case CONN_TYPE_EXT_OR:
switch (state) {
+ case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
+ return "waiting for authentication type";
+ case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
+ return "waiting for client nonce";
+ case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
+ return "waiting for client hash";
case EXT_OR_CONN_STATE_OPEN: return "open";
case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
}
@@ -1398,8 +1404,7 @@ connection_init_accepted_conn(connection_t *conn,
switch (conn->type) {
case CONN_TYPE_EXT_OR:
- conn->state = EXT_OR_CONN_STATE_OPEN;
- break;
+ return connection_ext_or_start_auth(TO_OR_CONN(conn));
case CONN_TYPE_OR:
control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
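Review bot: The new CONN_TYPE_EXT_OR case returns straight out of the switch, whereas the neighbouring CONN_TYPE_OR case stores its result in `rv` and presumably breaks to common code after the switch; if anything follows the switch in connection_init_accepted_conn (the function ends outside this hunk), Extended ORPort connections now skip it. Keeping the shape consistent, `rv = connection_ext_or_start_auth(TO_OR_CONN(conn)); break;`, avoids that divergence and makes the failure path the same for both connection types. It also matters that connection_ext_or_start_auth returns non-zero on failure so the caller closes the socket rather than leaving a half-initialised connection in the auth states; that function is not visible here, so confirm its contract.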
@@ -4450,6 +4455,7 @@ assert_connection_ok(connection_t *conn, time_t now)
case CONN_TYPE_OR:
tor_assert(conn->state >= OR_CONN_STATE_MIN_);
tor_assert(conn->state <= OR_CONN_STATE_MAX_);
+ break;
case CONN_TYPE_EXT_OR:
tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
diff --git a/src/or/or.h b/src/or/or.h
index e81d7a902d..63d137cf15 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -315,14 +315,24 @@ typedef enum {
#define OR_CONN_STATE_OPEN 8
#define OR_CONN_STATE_MAX_ 8
-/** States of Extended ORPort. */
+/** States of the Extended ORPort protocol. Be careful before changing
+ * the numbers: they matter. */
#define EXT_OR_CONN_STATE_MIN_ 1
-/** Extended ORPort just launched, and is accepting connections. */
-#define EXT_OR_CONN_STATE_OPEN 1
+/** Extended ORPort authentication is waiting for the authentication
+ * type selected by the client. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
+/** Extended ORPort authentication is waiting for the client nonce. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
+/** Extended ORPort authentication is waiting for the client hash. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
+#define EXT_OR_CONN_STATE_AUTH_MAX 3
+/** Authentication finished and the Extended ORPort is now accepting
+ * traffic. */
+#define EXT_OR_CONN_STATE_OPEN 4
/** Extended ORPort is flushing its last messages and preparing to
* start accepting OR connections. */
-#define EXT_OR_CONN_STATE_FLUSHING 2
-#define EXT_OR_CONN_STATE_MAX_ 2
+#define EXT_OR_CONN_STATE_FLUSHING 5
+#define EXT_OR_CONN_STATE_MAX_ 5
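Review bot: The comment "Be careful before changing the numbers: they matter" on the new state block does not say what depends on them, which is exactly what the next person renumbering will need; the visible `EXT_OR_CONN_STATE_AUTH_MAX 3` suggests ordering comparisons of the form `state <= EXT_OR_CONN_STATE_AUTH_MAX` elsewhere, so spell that out, e.g. `/* The AUTH_* states must be contiguous and precede OPEN: code compares state against EXT_OR_CONN_STATE_AUTH_MAX to decide whether a connection is still authenticating. */`. Separately, `EXT_OR_CONN_STATE_AUTH_MAX` breaks the `_MIN_`/`_MAX_` trailing-underscore convention used by every other bound in this header (`EXT_OR_CONN_STATE_MIN_`, `EXT_OR_CONN_STATE_MAX_`, `OR_CONN_STATE_MAX_`); `EXT_OR_CONN_STATE_AUTH_MAX_` would match, if its other users are updated.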
#define EXIT_CONN_STATE_MIN_ 1
/** State for an exit connection: waiting for response from DNS farm. */
@@ -1440,6 +1450,9 @@ typedef struct or_connection_t {
char identity_digest[DIGEST_LEN];
/** Extended ORPort connection identifier. */
char *ext_or_conn_id;
+ /** Client hash of the Extended ORPort authentication scheme */
+ char *ext_or_auth_correct_client_hash;
+
char *nickname; /**< Nickname of OR on other side (if any). */
tor_tls_t *tls; /**< TLS connection state. */
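Review bot: The new `ext_or_auth_correct_client_hash` field holds a value derived from the authentication cookie, so its comment should state who allocates it, when it is freed, and that it is secret: something like `/** Expected client hash for Extended ORPort cookie authentication, allocated while the connection is in an AUTH_* state; secret, so memwipe before tor_free in the connection teardown path. */`. The free path for or_connection_t is outside this hunk, so confirm the buffer is released (and wiped) there, or it leaks per accepted connection. The comparison against the client-supplied hash is also not visible here; it should be a constant-time compare (tor_memeq), since a timing leak on this value undermines the cookie check.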
@@ -3771,7 +3784,10 @@ typedef struct {
int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
* the control system? */
- char *CookieAuthFile; /**< Location of a cookie authentication file. */
+ char *CookieAuthFile; /**< Filesystem location of a ControlPort
+ * authentication cookie. */
+ char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
+ * ORPort authentication cookie. */
int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
* circuits itself (0), or does it expect a controller
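Review bot: The new `ExtORPortCookieAuthFile` option documents only the cookie's location, while the adjacent `CookieAuthFileGroupReadable` comment makes clear that file permissions are part of the ControlPort cookie's security model; the same applies to this cookie, since whoever can read it can authenticate to the Extended ORPort. The comment should say what permissions the file is created with and whether `CookieAuthFileGroupReadable` governs it or a separate option is expected, e.g. `/**< Filesystem location of the Extended ORPort authentication cookie; possession of this file grants Extended ORPort access, so it is written mode 0600 unless a group-readable option says otherwise. */`, adjusting the claim to what the writer in config.c actually does. The options struct continues outside this hunk.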