[tor-bugs] #4817 [Tor]: Control port authentication failures don't differentiate failure types
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 8 19:33:58 UTC 2014
#4817: Control port authentication failures don't differentiate failure types
-------------------------+-------------------------------------------
Reporter: atagar | Owner:
Type: defect | Status: needs_review
Priority: trivial | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: easy maybe-proposal tor-relay
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------
Comment (by atagar):
Hi Nick. Now that I've thought about it some more what I was hoping for
from stem's perspective was different status codes for "incorrect auth
value" verses "incorrect auth type".
Here's how tor responds to each auth type (except no auth since that's
uninteresting as everything's accepted);
==============================
Using Password Auth:
{{{
# (A) Attempt No Auth
AUTHENTICATE
515 Authentication failed: Password did not match HashedControlPassword
value from configuration. Maybe you tried a plain text password? If so,
the standard requires that you put it in double quotes.
# (B) Attempt Password Auth (wrong value)
AUTHENTICATE "my password"
515 Authentication failed: Password did not match HashedControlPassword
value from configuration
# (C) Attempt Cookie Auth
AUTHENTICATE
b4c9e2effc93bbbf139dcc5c0fc15d0b890a9e7bf7c8bb49b1d34c2eb547c910
515 Authentication failed: Password did not match HashedControlPassword
value from configuration. Maybe you tried a plain text password? If so,
the standard requires that you put it in double quotes.
}}}
Using Cookie Auth:
{{{
# (D) Attempt No Auth
AUTHENTICATE
515 Authentication failed: Wrong length on authentication cookie.
# (E) Attempt Password Auth
AUTHENTICATE "my password"
515 Authentication failed: Wrong length on authentication cookie.
# (F) Attempt Cookie Auth (wrong value)
AUTHENTICATE
b4c9e2effc93bbbf139dcc5c0fc15d0b890a9e7bf7c8bb49b1d34c2eb547c910
515 Authentication failed: Authentication cookie did not match expected
value.
}}}
==============================
From my perspective it would be nice if situations 'B' and 'F' had a
distinct status code from the rest (rather than everything returning a
515). Stem presently parses the response message to differentiate those
cases so we can raise the appropriate exception.
I realize that this is different from the original ask in the ticket which
concerned the response when no credentials are provided. Again, feel free
to resolve as 'wontfix', this is a very minor nit pick and doesn't apply
if controllers check the PROTOCOLINFO first.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4817#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list