commit 93b9f85d410aba1202b72e169ce386c783136b26 Author: George Kadianakis desnacked@riseup.net Date: Wed Dec 5 18:38:42 2012 +0200
Prepare codebase for the implementation of Extended ORPort auth. --- src/or/connection.c | 10 ++++++++-- src/or/or.h | 28 ++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index ad8e39c..9aea501 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -170,6 +170,12 @@ conn_state_to_string(int type, int state)
 break;
 case CONN_TYPE_EXT_OR:
 switch (state) {
+ case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
+ return "waiting for authentication type";
+ case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
+ return "waiting for client nonce";
+ case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
+ return "waiting for client hash";
 case EXT_OR_CONN_STATE_OPEN: return "open";
 case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
 }
@@ -1398,8 +1404,7 @@ connection_init_accepted_conn(connection_t *conn,
 switch (conn->type) {
 case CONN_TYPE_EXT_OR:
- conn->state = EXT_OR_CONN_STATE_OPEN;
- break;
+ return connection_ext_or_start_auth(TO_OR_CONN(conn));
 case CONN_TYPE_OR:
 control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
 rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
@@ -4450,6 +4455,7 @@ assert_connection_ok(connection_t *conn, time_t now)
 case CONN_TYPE_OR:
 tor_assert(conn->state >= OR_CONN_STATE_MIN_);
 tor_assert(conn->state <= OR_CONN_STATE_MAX_);
+ break;
 case CONN_TYPE_EXT_OR:
 tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
 tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
diff --git a/src/or/or.h b/src/or/or.h
index e81d7a9..63d137c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -315,14 +315,24 @@ typedef enum {
 #define OR_CONN_STATE_OPEN 8
 #define OR_CONN_STATE_MAX_ 8
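Review bot: `connection_ext_or_start_auth()`, called from the new `CONN_TYPE_EXT_OR` case, is neither declared nor defined in the two files this commit touches, so unless it already exists elsewhere the tree will not build at this commit and bisecting across it will be painful. The case also returns straight out of the switch while the `CONN_TYPE_OR` case below stores its result in `rv`; if anything after the switch must still run for Extended ORPort connections, `rv = connection_ext_or_start_auth(TO_OR_CONN(conn)); break;` would keep a single exit path. A failure here leaves an unauthenticated connection behind, so it is worth a comment such as `/* On failure the caller is expected to close the connection. */` once that is confirmed. The body of connection_init_accepted_conn continues outside the hunk.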
-/** States of Extended ORPort. */
+/** States of the Extended ORPort protocol. Be careful before changing
+ * the numbers: they matter. */
 #define EXT_OR_CONN_STATE_MIN_ 1
-/** Extended ORPort just launched, and is accepting connections. */
-#define EXT_OR_CONN_STATE_OPEN 1
+/** Extended ORPort authentication is waiting for the authentication
+ * type selected by the client. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
+/** Extended ORPort authentication is waiting for the client nonce. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
+/** Extended ORPort authentication is waiting for the client hash. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
+#define EXT_OR_CONN_STATE_AUTH_MAX 3
+/** Authentication finished and the Extended ORPort is now accepting
+ * traffic. */
+#define EXT_OR_CONN_STATE_OPEN 4
 /** Extended ORPort is flushing its last messages and preparing to
 * start accepting OR connections. */
-#define EXT_OR_CONN_STATE_FLUSHING 2
-#define EXT_OR_CONN_STATE_MAX_ 2
+#define EXT_OR_CONN_STATE_FLUSHING 5
+#define EXT_OR_CONN_STATE_MAX_ 5
 #define EXIT_CONN_STATE_MIN_ 1
 /** State for an exit connection: waiting for response from DNS farm. */
@@ -1440,6 +1450,9 @@ typedef struct or_connection_t {
 char identity_digest[DIGEST_LEN];
 /** Extended ORPort connection identifier. */
 char *ext_or_conn_id;
+ /** Client hash of the Extended ORPort authentication scheme */
+ char *ext_or_auth_correct_client_hash;
+
 char *nickname; /**< Nickname of OR on other side (if any). */
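Review bot: The new header comment in the Extended ORPort state block of or.h says the numbers "matter" without saying why, and `EXT_OR_CONN_STATE_AUTH_MAX` is the only new constant with no doc comment. If, as the layout suggests, later code treats every state at or below `EXT_OR_CONN_STATE_AUTH_MAX` as not yet authenticated, that ordering is a security invariant and should be written down, for example `/** Highest authentication state: any state <= this value means the client has not authenticated yet. */`. Code that handles Extended ORPort commands should then test `conn->state == EXT_OR_CONN_STATE_OPEN` by name, since `EXT_OR_CONN_STATE_OPEN` moves from 1 to 4 here and value 1 now means an unauthenticated connection.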
 tor_tls_t *tls; /**< TLS connection state. */
@@ -3771,7 +3784,10 @@ typedef struct {
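Review bot: The comment on `ext_or_auth_correct_client_hash` in or_connection_t does not say that this is the value the server expects the client to send, how long the buffer is, or who frees it. I would document it along the lines of `/** Client hash we expect during Extended ORPort authentication; heap-allocated, fixed length, freed with the connection. */`, adjusted to what the implementation really does. The code that fills and checks the field is not in this commit; when it lands, the comparison against the client's value should be constant-time (for example `tor_memeq()`) and the buffer should be wiped before it is freed. The struct continues outside the hunk.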
 int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
 * the control system? */
- char *CookieAuthFile; /**< Location of a cookie authentication file. */
+ char *CookieAuthFile; /**< Filesystem location of a ControlPort
+ * authentication cookie. */
+ char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
+ * ORPort authentication cookie. */
 int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
 int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
 * circuits itself (0), or does it expect a controller
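Review bot: `ExtORPortCookieAuthFile` is added without any statement of the permissions its file should have, and the unchanged comment on `CookieAuthFileGroupReadable` still says only "the CookieAuthFile", so it is unclear whether the group-readable setting also applies to the Extended ORPort cookie. That cookie is a shared secret for the Extended ORPort, so the intent should be explicit, for example `/**< Boolean: Is the ControlPort CookieAuthFile g+r? Does not affect ExtORPortCookieAuthFile. */` if that is what is meant. The options struct continues outside the hunk, and the code that creates the cookie file is not part of this commit.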