commit 65e2f7e1934a74e5e64bff7f90e73f2bb30511cb Author: Damian Johnson <atagar@torproject.org> Date: Sun Dec 30 11:07:53 2018 -0800 Nyxrc 'password' configuration option Cookie authentication obviates the need for non-interactive password auth, but none the less folks understandably expect us to have this... https://trac.torproject.org/projects/tor/ticket/28295 --- nyx/starter.py | 10 ++++++++++ web/changelog/index.html | 1 + web/index.html | 6 ++++++ web/nyxrc.sample | 1 + 4 files changed, 18 insertions(+) diff --git a/nyx/starter.py b/nyx/starter.py index 60a9ba0..8048fac 100644 --- a/nyx/starter.py +++ b/nyx/starter.py @@ -20,6 +20,7 @@ import nyx.curses import nyx.tracker import stem +import stem.connection import stem.util.log import stem.util.system @@ -78,9 +79,18 @@ def main(config): else: stem.util.log.notice('No nyxrc loaded, using defaults. You can customize nyx by placing a configuration file at %s (see https://nyx.torproject.org/nyxrc.sample for its options).' % args.config) + # If a password is provided via the user's nyxrc that will be use, otherwise + # users are prompted for a password if required. + + controller_password = config.get('password', None) + + if controller_password: + stem.connection.CONNECT_MESSAGES['incorrect_password'] = 'Unable to authenticate to tor using the controller password in %s' % args.config + controller = init_controller( control_port = args.control_port, control_socket = args.control_socket, + password = controller_password, password_prompt = True, chroot_path = nyx.chroot(), ) diff --git a/web/changelog/index.html b/web/changelog/index.html index abd1483..1b96d9e 100644 --- a/web/changelog/index.html +++ b/web/changelog/index.html @@ -75,6 +75,7 @@ <li>'<b>sqlite3.OperationalError</b>' crash when ran with multiple users that share a home directory (<a href="https://trac.torproject.org/projects/tor/ticket/27938">ticket</a>)</li> <li>Process renaming could potentially crash (<a href="https://trac.torproject.org/projects/tor/ticket/27556">ticket</a>)</li> <li>Blank debug path caused us to crash (<a href="https://trac.torproject.org/projects/tor/ticket/27350">ticket</a>)</li> + <li>Nyxrc <i>password</i> option for the controller credential (<a href="https://trac.torproject.org/projects/tor/ticket/28295">ticket</a>)</li> </ul> </li> diff --git a/web/index.html b/web/index.html index 9881ea8..0ec396e 100644 --- a/web/index.html +++ b/web/index.html @@ -483,6 +483,12 @@ logged_events BW, NOTICE, WARN, ERR </tr> <tr> + <td><b>password</b></td> + <td></td> + <td><a href="https://stem.torproject.org/faq.html#i-m-using-password-authentication">Tor controller password</a>. If unset you will be prompted for a password when one is required to authenticate.<br><br><b>Use of this is discouraged.</b> To authenticate with tor non-interactively please use <a href="https://stem.torproject.org/faq.html#i-m-using-cookie-authentication">cookie authentication</a> instead.</td> + </tr> + + <tr> <td><b>tor_chroot</b></td> <td></td> <td>Chroot jail tor resides within. Most common on FreeBSD, if tor is running within a jail then use this to specify the path prefix we should use when looking for tor files on disk.</td> diff --git a/web/nyxrc.sample b/web/nyxrc.sample index 8b87bca..47bdba6 100644 --- a/web/nyxrc.sample +++ b/web/nyxrc.sample @@ -7,6 +7,7 @@ # % nyx --config /path/to/config data_directory ~/.nyx # Caching location, can be set to 'disabled'. +password none # Control port password of tor. tor_chroot /path # Chroot jail tor resides within if there is one. (*) show_bits false # Bandwidth rate as bits if true, bytes otherwise. confirm_quit true # Confirm before quitting.