Tor 0.4.9.2-alpha-dev
Authentication for Tor's control-socket interface.
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "feature/control/control.h"
#include "feature/control/control_events.h"
#include "feature/control/control_cmd.h"
#include "feature/control/control_auth.h"
#include "feature/control/control_cmd_args_st.h"
#include "feature/control/control_connection_st.h"
#include "feature/control/control_proto.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/encoding/kvline.h"
#include "lib/encoding/qstring.h"
#include "lib/crypt_ops/crypto_s2k.h"
Macros
#define AUTHENTICATION_COOKIE_LEN 32
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT "Tor safe cookie authentication server-to-controller hash"
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT "Tor safe cookie authentication controller-to-server hash"
#define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN
Functions
static void control_add_authenticated_connection (control_connection_t *conn)
void control_remove_authenticated_connection (const control_connection_t *conn)
char * get_controller_cookie_file_name (void)
int init_control_cookie_authentication (int enabled)
smartlist_t * decode_hashed_passwords (config_line_t *passwords)
int handle_control_authchallenge (control_connection_t *conn, const control_cmd_args_t *args)
int handle_control_authenticate (control_connection_t *conn, const control_cmd_args_t *args)
void control_auth_free_all (void)
Variables
static smartlist_t * control_auth_conns = NULL
static int authentication_cookie_is_set = 0
static uint8_t * authentication_cookie = NULL
const control_cmd_syntax_t authchallenge_syntax
const control_cmd_syntax_t authenticate_syntax
Authentication for Tor's control-socket interface.
Definition in file control_auth.c.
#define AUTHENTICATION_COOKIE_LEN 32
Length, in bytes, of the cookie used when cookie-type authentication is enabled.
Definition at line 60 of file control_auth.c.
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT "Tor safe cookie authentication controller-to-server hash"
Definition at line 72 of file control_auth.c.
#define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN
Definition at line 74 of file control_auth.c.
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT "Tor safe cookie authentication server-to-controller hash"
Definition at line 70 of file control_auth.c.
static void control_add_authenticated_connection (control_connection_t *conn)
Definition at line 32 of file control_auth.c.
void control_auth_free_all (void)
Definition at line 470 of file control_auth.c.
void control_remove_authenticated_connection (const control_connection_t *conn)
Definition at line 44 of file control_auth.c.
smartlist_t * decode_hashed_passwords (config_line_t *passwords)
Decode the hashed, base64'd passwords stored in passwords. Return a smartlist of acceptable passwords (unterminated strings of length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure.
Definition at line 119 of file control_auth.c.
char * get_controller_cookie_file_name (void)
Helper: Return a newly allocated string containing a path to the file where we store our authentication cookie.
Definition at line 79 of file control_auth.c.
Referenced by get_esc_cfile(), and tor_cleanup().
int handle_control_authchallenge (control_connection_t *conn, const control_cmd_args_t *args)
Called when we get an AUTHCHALLENGE command.
Definition at line 164 of file control_auth.c.
int handle_control_authenticate (control_connection_t *conn, const control_cmd_args_t *args)
Called when we get an AUTHENTICATE message. Check whether the authentication is valid, and if so, update the connection's state to OPEN. Reply with DONE or ERROR.
We only get here if both kinds of authentication failed.
Definition at line 277 of file control_auth.c.
int init_control_cookie_authentication (int enabled)
Definition at line 93 of file control_auth.c.
const control_cmd_syntax_t authchallenge_syntax
Definition at line 154 of file control_auth.c.
const control_cmd_syntax_t authenticate_syntax
Definition at line 265 of file control_auth.c.
static uint8_t * authentication_cookie = NULL
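If authentication_cookie_is_set is true, this is the secret cookie that we've stored to disk and are using to authenticate controllers. (A controller that can read the cookie off disk is treated as having permission to connect, so cookie authentication is only as restrictive as read access to the cookie file.)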
Definition at line 68 of file control_auth.c.
static int authentication_cookie_is_set = 0
If true, we've set authentication_cookie to a secret code and stored it to disk.
Definition at line 64 of file control_auth.c.
static smartlist_t * control_auth_conns = NULL
Definition at line 29 of file control_auth.c.