[tor-commits] [torspec/master] Clarify control port authentication.

[nickm at torproject.org]

commit 043051b79f929b39d77eb1520b4fc65a721e85ae
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Wed Aug 10 09:58:42 2011 -0700

    Clarify control port authentication.
    
    Encoded hex strings are useful, but the previous revision conflated them
    with how the tor implementations stores them on disk.
---
 control-spec.txt |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/control-spec.txt b/control-spec.txt
index 160adf4..4aba1fa 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -293,14 +293,18 @@
 3.5. AUTHENTICATE
 
   Sent from the client to the server.  The syntax is:
-     "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF
+     "AUTHENTICATE" [ SP N*HEXDIG / QuotedString ] CRLF
 
   The server responds with "250 OK" on success or "515 Bad authentication" if
   the authentication cookie is incorrect.  Tor closes the connection on an
   authentication failure.
 
-  The format of the 'cookie' is implementation-dependent; see 5.1 below for
-  information on how the standard Tor implementation handles it.
+  The authentication token can be specified as either a quoted ASCII string,
+  or as an unquoted hexadecimal encoding of that same string (to avoid escaping
+  issues).
+
+  For information on how the implementation securely stores authentication
+  information on disk, see section 5.1.
 
   Before the client has authenticated, no command other than PROTOCOLINFO,
   AUTHENTICATE, or QUIT is valid.  If the controller sends any other command,