Macros | Functions | Variables
control_auth.c File Reference

Authentication for Tor's control-socket interface. More...

#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "feature/control/control.h"
#include "feature/control/control_cmd.h"
#include "feature/control/control_auth.h"
#include "feature/control/control_cmd_args_st.h"
#include "feature/control/control_connection_st.h"
#include "feature/control/control_proto.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/encoding/kvline.h"
#include "lib/encoding/qstring.h"
#include "lib/crypt_ops/crypto_s2k.h"

Go to the source code of this file.


#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT    "Tor safe cookie authentication server-to-controller hash"
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT    "Tor safe cookie authentication controller-to-server hash"


char * get_controller_cookie_file_name (void)
int init_control_cookie_authentication (int enabled)
smartlist_tdecode_hashed_passwords (config_line_t *passwords)
int handle_control_authchallenge (control_connection_t *conn, const control_cmd_args_t *args)
int handle_control_authenticate (control_connection_t *conn, const control_cmd_args_t *args)
void control_auth_free_all (void)


static int authentication_cookie_is_set = 0
static uint8_t * authentication_cookie = NULL
const control_cmd_syntax_t authchallenge_syntax
const control_cmd_syntax_t authenticate_syntax

Detailed Description

Authentication for Tor's control-socket interface.

Definition in file control_auth.c.

Macro Definition Documentation



If we're using cookie-type authentication, how long should our cookies be?

Definition at line 29 of file control_auth.c.


#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT    "Tor safe cookie authentication controller-to-server hash"

Definition at line 41 of file control_auth.c.



Definition at line 43 of file control_auth.c.


#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT    "Tor safe cookie authentication server-to-controller hash"

Definition at line 39 of file control_auth.c.

Function Documentation

◆ control_auth_free_all()

void control_auth_free_all ( void  )

Definition at line 436 of file control_auth.c.

◆ decode_hashed_passwords()

smartlist_t * decode_hashed_passwords ( config_line_t passwords)

Decode the hashed, base64'd passwords stored in passwords. Return a smartlist of acceptable passwords (unterminated strings of length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure.

Definition at line 88 of file control_auth.c.

◆ get_controller_cookie_file_name()

char * get_controller_cookie_file_name ( void  )

Helper: Return a newly allocated string containing a path to the file where we store our authentication cookie.

Definition at line 48 of file control_auth.c.

Referenced by get_esc_cfile(), and tor_cleanup().

◆ handle_control_authchallenge()

int handle_control_authchallenge ( control_connection_t conn,
const control_cmd_args_t args 

Called when we get an AUTHCHALLENGE command.

Definition at line 133 of file control_auth.c.

◆ handle_control_authenticate()

int handle_control_authenticate ( control_connection_t conn,
const control_cmd_args_t args 

Called when we get an AUTHENTICATE message. Check whether the authentication is valid, and if so, update the connection's state to OPEN. Reply with DONE or ERROR.

We only get here if both kinds of authentication failed.

Definition at line 246 of file control_auth.c.

◆ init_control_cookie_authentication()

int init_control_cookie_authentication ( int  enabled)

Definition at line 62 of file control_auth.c.

Variable Documentation

◆ authchallenge_syntax

const control_cmd_syntax_t authchallenge_syntax
Initial value:
= {
.min_args = 1,
.max_args = 1,

Definition at line 123 of file control_auth.c.

◆ authenticate_syntax

const control_cmd_syntax_t authenticate_syntax
Initial value:
= {
.max_args = 0,

Definition at line 234 of file control_auth.c.

◆ authentication_cookie

uint8_t* authentication_cookie = NULL

If authentication_cookie_is_set, a secret cookie that we've stored to disk and which we're using to authenticate controllers. (If the controller can read it off disk, it has permission to connect.)

Definition at line 37 of file control_auth.c.

◆ authentication_cookie_is_set

int authentication_cookie_is_set = 0

If true, we've set authentication_cookie to a secret code and stored it to disk.

Definition at line 33 of file control_auth.c.