tor  0.4.2.1-alpha-dev
Macros | Functions | Variables
control_auth.c File Reference
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "feature/control/control.h"
#include "feature/control/control_cmd.h"
#include "feature/control/control_auth.h"
#include "feature/control/control_cmd_args_st.h"
#include "feature/control/control_connection_st.h"
#include "feature/control/control_proto.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/encoding/kvline.h"
#include "lib/encoding/qstring.h"
#include "lib/crypt_ops/crypto_s2k.h"

Go to the source code of this file.

Macros

#define AUTHENTICATION_COOKIE_LEN   32
 
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT   "Tor safe cookie authentication server-to-controller hash"
 
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT   "Tor safe cookie authentication controller-to-server hash"
 
#define SAFECOOKIE_SERVER_NONCE_LEN   DIGEST256_LEN
 

Functions

char * get_controller_cookie_file_name (void)
 
int init_control_cookie_authentication (int enabled)
 
smartlist_tdecode_hashed_passwords (config_line_t *passwords)
 
int handle_control_authchallenge (control_connection_t *conn, const control_cmd_args_t *args)
 
int handle_control_authenticate (control_connection_t *conn, const control_cmd_args_t *args)
 
void control_auth_free_all (void)
 

Variables

static int authentication_cookie_is_set = 0
 
static uint8_t * authentication_cookie = NULL
 
const control_cmd_syntax_t authchallenge_syntax
 
const control_cmd_syntax_t authenticate_syntax
 

Detailed Description

Authentication for Tor's control-socket interface.

Definition in file control_auth.c.

Macro Definition Documentation

◆ AUTHENTICATION_COOKIE_LEN

#define AUTHENTICATION_COOKIE_LEN   32

If we're using cookie-type authentication, how long should our cookies be?

Definition at line 29 of file control_auth.c.

Function Documentation

◆ decode_hashed_passwords()

smartlist_t* decode_hashed_passwords ( config_line_t passwords)

Decode the hashed, base64'd passwords stored in passwords. Return a smartlist of acceptable passwords (unterminated strings of length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure.

Definition at line 88 of file control_auth.c.

References base16_decode(), base64_decode(), DIGEST_LEN, S2K_RFC2440_SPECIFIER_LEN, smartlist_add(), strcmpstart(), and tor_assert().

◆ get_controller_cookie_file_name()

char* get_controller_cookie_file_name ( void  )

Helper: Return a newly allocated string containing a path to the file where we store our authentication cookie.

Definition at line 48 of file control_auth.c.

References or_options_t::CookieAuthFile.

Referenced by tor_cleanup().

◆ handle_control_authchallenge()

int handle_control_authchallenge ( control_connection_t conn,
const control_cmd_args_t args 
)

Called when we get an AUTHCHALLENGE command.

Definition at line 133 of file control_auth.c.

References DIGEST256_LEN, and HEX_DIGEST256_LEN.

◆ handle_control_authenticate()

int handle_control_authenticate ( control_connection_t conn,
const control_cmd_args_t args 
)

Called when we get an AUTHENTICATE message. Check whether the authentication is valid, and if so, update the connection's state to OPEN. Reply with DONE or ERROR.

We only get here if both kinds of authentication failed.

Definition at line 246 of file control_auth.c.

References control_cmd_args_t::kwargs.

Variable Documentation

◆ authchallenge_syntax

const control_cmd_syntax_t authchallenge_syntax
Initial value:
= {
.min_args = 1,
.max_args = 1,
.accept_keywords=true,
.kvline_flags=KV_OMIT_KEYS|KV_QUOTED_QSTRING,
.store_raw_body=true
}

Definition at line 123 of file control_auth.c.

◆ authenticate_syntax

const control_cmd_syntax_t authenticate_syntax
Initial value:
= {
.max_args = 0,
.accept_keywords=true,
.kvline_flags=KV_OMIT_KEYS|KV_QUOTED_QSTRING,
.store_raw_body=true
}

Definition at line 234 of file control_auth.c.

◆ authentication_cookie

uint8_t* authentication_cookie = NULL
static

If authentication_cookie_is_set, a secret cookie that we've stored to disk and which we're using to authenticate controllers. (If the controller can read it off disk, it has permission to connect.)

Definition at line 37 of file control_auth.c.

◆ authentication_cookie_is_set

int authentication_cookie_is_set = 0
static

If true, we've set authentication_cookie to a secret code and stored it to disk.

Definition at line 33 of file control_auth.c.