[tor-bugs] #3958 [Torctl]: pytorctl should learn to try both CookieAuth and PasswordAuth

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Dec 2 17:18:36 UTC 2011


#3958: pytorctl should learn to try both CookieAuth and PasswordAuth
--------------------+-------------------------------------------------------
 Reporter:  arma    |          Owner:  mikeperry   
     Type:  defect  |         Status:  needs_review
 Priority:  normal  |      Milestone:              
Component:  Torctl  |        Version:              
 Keywords:          |         Parent:  #3476       
   Points:          |   Actualpoints:              
--------------------+-------------------------------------------------------

Comment(by atagar):

 Tor closes its socket after a failed authentication attempt. This patch
 seems to work in practice because cookie auth failures are almost always
 with reading the cookie so we fail before issuing an AUTHENTICATE call.

 However, if the auth cookie somehow contains the _wrong_ auth value
 then...
 - torctl will send the cookie value to tor which is rejected, closing the
 socket
 - torctl will then fall back to sending the user's passphrase, which
 regardless of if it's correct or not will also fail because the socket is
 closed

 From what I recall of vidalia's handling I suspect it has a similar bug.
 I'm attempting to address this with stem by having socket objects that can
 reconnect after a failed connection attempt - see the ControlSocket and
 subclasses of...
 https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/socket.py

 All that said, this patch still gets TorCtl to a better place than it once
 was.

 Cheers! -Damian

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3958#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
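
The failure mode described in the comment above, as an added example (not TorCtl or stem code): a stand-in control port that closes the connection after a rejected AUTHENTICATE, and a client that tries cookie then password either on the same socket or on a fresh one. The server, the password and every function name here are assumptions constructed for illustration.

```python
import socket
import threading

GOOD_PASSWORD = "hunter2"  # constructed value for the stand-in server

def _read_line(sock):
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break  # peer closed the connection
        buf += chunk
    return buf.decode().strip()

def _serve(listener):
    # Stand-in control port (not tor): one AUTHENTICATE per connection, then close.
    while True:
        conn, _ = listener.accept()
        with conn:
            ok = _read_line(conn) == 'AUTHENTICATE "%s"' % GOOD_PASSWORD
            conn.sendall(b"250 OK\r\n" if ok else b"515 Authentication failed\r\n")

def authenticate(addr, credentials, reconnect):
    """Try each AUTHENTICATE argument in order; return the index that worked, else None."""
    sock = socket.create_connection(addr)
    try:
        for i, cred in enumerate(credentials):
            if i and reconnect:  # a rejected attempt killed the old socket
                sock.close()
                sock = socket.create_connection(addr)
            try:
                sock.sendall(("AUTHENTICATE %s\r\n" % cred).encode())
                reply = _read_line(sock)
            except OSError:
                reply = ""  # write or read on the socket the server already closed
            if reply.startswith("250"):
                return i
        return None
    finally:
        sock.close()

def demo():
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    creds = ["00" * 32, '"%s"' % GOOD_PASSWORD]  # wrong cookie (hex), then right password
    addr = listener.getsockname()
    return authenticate(addr, creds, False), authenticate(addr, creds, True)

if __name__ == "__main__":
    print(demo())
```

Without the reconnect the correct password never gets a hearing, so a client sees an authentication failure that has nothing to do with the passphrase it supplied.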