[tor-bugs] #3958 [Torctl]: pytorctl should learn to try both CookieAuth and PasswordAuth

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Dec 2 17:18:36 UTC 2011

#3958: pytorctl should learn to try both CookieAuth and PasswordAuth
 Reporter:  arma    |          Owner:  mikeperry   
     Type:  defect  |         Status:  needs_review
 Priority:  normal  |      Milestone:              
Component:  Torctl  |        Version:              
 Keywords:          |         Parent:  #3476       
   Points:          |   Actualpoints:              

Comment(by atagar):

 Tor closes its socket after a failed authentication attempt. This patch
 seems to work in practice because cookie auth failures are almost always
 with reading the cookie so we fail before issuing an AUTHENTICATE call.

 However, if the auth cookie somehow contains the _wrong_ auth value
 - torctl will send the cookie value to tor which is rejected, closing the
 - torctl will then fall back to sending the user's passphrase, which
 regardless of if it's correct or not will also fail because the socket is

 From what I recall of vidalia's handling I suspect it has a similar bug.
 I'm attempting to address this with stem by having socket objects that can
 reconnect after a failed connection attempt - see the ControlSocket and
 sublasses of...

 All that said, this patch still gets TorCtl to a better place than it once

 Cheers! -Damian

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3958#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list