tor: Change auth order to only use HASHEDPASSWORD if -torpassword

Change authentication order to make it more clear (see #7700).

- If the `-torpassword` option is provided, force use of
  `HASHEDPASSWORD` auth.

- Give error message if `-torpassword` provided, but
  `HASHEDPASSWORD` auth is not available.

- Give error message if only `HASHEDPASSWORD` available, but
  `-torpassword` not given.
This commit is contained in:
Wladimir J. van der Laan 2016-03-17 12:49:16 +01:00
parent 14d6324a24
commit 2e494489c3

View File

@ -574,7 +574,15 @@ void TorController::protocolinfo_cb(TorControlConnection& conn, const TorControl
* password: "password" * password: "password"
*/ */
std::string torpassword = GetArg("-torpassword", ""); std::string torpassword = GetArg("-torpassword", "");
if (methods.count("NULL")) { if (!torpassword.empty()) {
if (methods.count("HASHEDPASSWORD")) {
LogPrint("tor", "tor: Using HASHEDPASSWORD authentication\n");
boost::replace_all(torpassword, "\"", "\\\"");
conn.Command("AUTHENTICATE \"" + torpassword + "\"", boost::bind(&TorController::auth_cb, this, _1, _2));
} else {
LogPrintf("tor: Password provided with -torpassword, but HASHEDPASSWORD authentication is not available\n");
}
} else if (methods.count("NULL")) {
LogPrint("tor", "tor: Using NULL authentication\n"); LogPrint("tor", "tor: Using NULL authentication\n");
conn.Command("AUTHENTICATE", boost::bind(&TorController::auth_cb, this, _1, _2)); conn.Command("AUTHENTICATE", boost::bind(&TorController::auth_cb, this, _1, _2));
} else if (methods.count("SAFECOOKIE")) { } else if (methods.count("SAFECOOKIE")) {
@ -595,13 +603,7 @@ void TorController::protocolinfo_cb(TorControlConnection& conn, const TorControl
} }
} }
} else if (methods.count("HASHEDPASSWORD")) { } else if (methods.count("HASHEDPASSWORD")) {
if (!torpassword.empty()) { LogPrintf("tor: The only supported authentication mechanism left is password, but no password provided with -torpassword\n");
LogPrint("tor", "tor: Using HASHEDPASSWORD authentication\n");
boost::replace_all(torpassword, "\"", "\\\"");
conn.Command("AUTHENTICATE \"" + torpassword + "\"", boost::bind(&TorController::auth_cb, this, _1, _2));
} else {
LogPrintf("tor: Password authentication required, but no password provided with -torpassword\n");
}
} else { } else {
LogPrintf("tor: No supported authentication method\n"); LogPrintf("tor: No supported authentication method\n");
} }