[tor-commits] [nyx/master] Nyxrc 'password' configuration option

atagar at torproject.org atagar at torproject.org
Sun Dec 30 19:09:54 UTC 2018


commit 65e2f7e1934a74e5e64bff7f90e73f2bb30511cb
Author: Damian Johnson <atagar at torproject.org>
Date:   Sun Dec 30 11:07:53 2018 -0800

    Nyxrc 'password' configuration option
    
    Cookie authentication obviates the need for non-interactive password auth, but
    none the less folks understandably expect us to have this...
    
      https://trac.torproject.org/projects/tor/ticket/28295
---
 nyx/starter.py           | 10 ++++++++++
 web/changelog/index.html |  1 +
 web/index.html           |  6 ++++++
 web/nyxrc.sample         |  1 +
 4 files changed, 18 insertions(+)

diff --git a/nyx/starter.py b/nyx/starter.py
index 60a9ba0..8048fac 100644
--- a/nyx/starter.py
+++ b/nyx/starter.py
@@ -20,6 +20,7 @@ import nyx.curses
 import nyx.tracker
 
 import stem
+import stem.connection
 import stem.util.log
 import stem.util.system
 
@@ -78,9 +79,18 @@ def main(config):
   else:
     stem.util.log.notice('No nyxrc loaded, using defaults. You can customize nyx by placing a configuration file at %s (see https://nyx.torproject.org/nyxrc.sample for its options).' % args.config)
 
+  # If a password is provided via the user's nyxrc that will be use, otherwise
+  # users are prompted for a password if required.
+
+  controller_password = config.get('password', None)
+
+  if controller_password:
+    stem.connection.CONNECT_MESSAGES['incorrect_password'] = 'Unable to authenticate to tor using the controller password in %s' % args.config
+
   controller = init_controller(
     control_port = args.control_port,
     control_socket = args.control_socket,
+    password = controller_password,
     password_prompt = True,
     chroot_path = nyx.chroot(),
   )
diff --git a/web/changelog/index.html b/web/changelog/index.html
index abd1483..1b96d9e 100644
--- a/web/changelog/index.html
+++ b/web/changelog/index.html
@@ -75,6 +75,7 @@
             <li>'<b>sqlite3.OperationalError</b>' crash when ran with multiple users that share a home directory (<a href="https://trac.torproject.org/projects/tor/ticket/27938">ticket</a>)</li>
             <li>Process renaming could potentially crash (<a href="https://trac.torproject.org/projects/tor/ticket/27556">ticket</a>)</li>
             <li>Blank debug path caused us to crash (<a href="https://trac.torproject.org/projects/tor/ticket/27350">ticket</a>)</li>
+            <li>Nyxrc <i>password</i> option for the controller credential (<a href="https://trac.torproject.org/projects/tor/ticket/28295">ticket</a>)</li>
           </ul>
         </li>
 
diff --git a/web/index.html b/web/index.html
index 9881ea8..0ec396e 100644
--- a/web/index.html
+++ b/web/index.html
@@ -483,6 +483,12 @@ logged_events BW, NOTICE, WARN, ERR
         </tr>
 
         <tr>
+          <td><b>password</b></td>
+          <td></td>
+          <td><a href="https://stem.torproject.org/faq.html#i-m-using-password-authentication">Tor controller password</a>. If unset you will be prompted for a password when one is required to authenticate.<br><br><b>Use of this is discouraged.</b> To authenticate with tor non-interactively please use <a href="https://stem.torproject.org/faq.html#i-m-using-cookie-authentication">cookie authentication</a> instead.</td>
+        </tr>
+
+        <tr>
           <td><b>tor_chroot</b></td>
           <td></td>
           <td>Chroot jail tor resides within. Most common on FreeBSD, if tor is running within a jail then use this to specify the path prefix we should use when looking for tor files on disk.</td>
diff --git a/web/nyxrc.sample b/web/nyxrc.sample
index 8b87bca..47bdba6 100644
--- a/web/nyxrc.sample
+++ b/web/nyxrc.sample
@@ -7,6 +7,7 @@
 #   % nyx --config /path/to/config
 
 data_directory ~/.nyx   # Caching location, can be set to 'disabled'.
+password none           # Control port password of tor.
 tor_chroot /path        # Chroot jail tor resides within if there is one. (*)
 show_bits false         # Bandwidth rate as bits if true, bytes otherwise.
 confirm_quit true       # Confirm before quitting.



More information about the tor-commits mailing list