Lock Control Port

Robert Hogan robert at roberthogan.net
Sat Oct 13 09:50:16 UTC 2007


This occurred to me this morning and I *think* it might be useful.

The dirty truth is that for the foreseeable future many users will continue to 
leave authentication disabled in the interests of just getting things 
working, no matter how hard controllers try to force it down their throats 
and no matter how hard tor chides them for not enabling it.

While we're all still 'getting there', controllers could have the option of 
locking the control port if no auth mechanism is enabled, and even when it 
is. Given that users tend not to share installations and most run their 
controller concurrently with tor at all times this would be a useful fallback 
measure.

Patch below. Seems to work fine, though haven't tested it to death.


Index: src/or/control.c
===================================================================
--- src/or/control.c    (revision 11907)
+++ src/or/control.c    (working copy)
@@ -75,6 +75,8 @@
 static int authentication_cookie_is_set = 0;
 static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];

+static int controlport_locked = 0;
+
 #define SHORT_NAMES 1
 #define LONG_NAMES 2
 #define ALL_NAMES (SHORT_NAMES|LONG_NAMES)
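Review bot: The new file-scope flag controlport_locked has no comment and records only that a lock exists, not which control connection took it. Please document it and consider storing the owning connection (for example a control_connection_t pointer that is NULL when unlocked), so the later checks can tell the lock holder apart from everyone else.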
@@ -2553,6 +2555,13 @@
   tor_assert(conn->_base.state == CONTROL_CONN_STATE_OPEN ||
              conn->_base.state == CONTROL_CONN_STATE_NEEDAUTH);

+  if (conn->_base.state == CONTROL_CONN_STATE_NEEDAUTH &&
+      controlport_locked) {
+    connection_write_str_to_buf("514 Control Port Locked by Other User.\r\n", 
conn);
+    connection_mark_for_close(TO_CONN(conn));
+    return 0;
+  }
+
   if (!conn->incoming_cmd) {
     conn->incoming_cmd = tor_malloc(1024);
     conn->incoming_cmd_len = 1024;
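Review bot: The lock test at the top of this function only fires for CONTROL_CONN_STATE_NEEDAUTH, so a second connection that was already in CONTROL_CONN_STATE_OPEN when LOCK was sent is still served; please state whether that is intended. The test also runs before any command is read, so a locked-out client gets the 514 reply and a close for any input at all, not only for an authentication attempt as the spec text says. Separately, the connection_write_str_to_buf line is wrapped by the mailer (the "conn);" has dropped onto its own line without a "+"), so the patch will not apply as posted.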
@@ -2640,6 +2649,7 @@

   /* Quit is always valid. */
   if (!strcasecmp(conn->incoming_cmd, "QUIT")) {
+    controlport_locked = 0;
     connection_write_str_to_buf("250 closing connection\r\n", conn);
     connection_mark_for_close(TO_CONN(conn));
     return 0;
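Review bot: The QUIT branch sets controlport_locked = 0 unconditionally, so any connection that reaches this point and sends QUIT releases a lock it never took. In the lines shown, QUIT and UNLOCK are also the only places the flag is cleared: if the locking controller's connection ends without sending QUIT, the flag stays set and every new connection is refused. Clear the flag only when the closing connection is the lock holder, and do it in the connection close path rather than only here.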
@@ -2711,6 +2721,12 @@
   } else if (!strcasecmp(conn->incoming_cmd, "PROTOCOLINFO")) {
     if (handle_control_protocolinfo(conn, data_len, args))
       return -1;
+  } else if (!strcasecmp(conn->incoming_cmd, "LOCK")) {
+    controlport_locked = 1;
+    connection_printf_to_buf(conn, "250 OK\r\n");
+  } else if (!strcasecmp(conn->incoming_cmd, "UNLOCK")) {
+    controlport_locked = 0;
+    connection_printf_to_buf(conn, "250 OK\r\n");
   } else {
     connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
                              conn->incoming_cmd);
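Review bot: The UNLOCK branch clears the flag for whichever connection sends it, and the LOCK branch replies "250 OK" even when the port is already locked by someone else. Both branches need a check against the lock holder, with an error reply when the caller is not the holder or when LOCK is already held, otherwise two controllers can each believe they have exclusive access.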
Index: doc/spec/control-spec.txt
===================================================================
--- doc/spec/control-spec.txt   (revision 11907)
+++ doc/spec/control-spec.txt   (working copy)
@@ -813,6 +813,22 @@

   [PROTOCOLINFO was not supported before Tor 0.2.0.5-alpha.]

+3.22. LOCK/UNLOCK
+
+  The syntax is:
+    "LOCK" CRLF
+    "UNLOCK" CRLF
+
+  The server reply format is:
+    "250 OK" CRLF
+
+  The "LOCK" command prevents anyone else from interacting with Tor through 
the
+  control port while the current session is open. Controllers should use this
+  command when Tor is not configured with an authentication mechanism by the 
user.
+  When this command is used other users will receive the message '514 Control 
Port
+  Locked by Other User' when they attempt to authenticate.
+  The "UNLOCK" command opens the control port to other users again.
+
 4. Replies

   Reply codes follow the same 3-character format as used by SMTP, with the
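Review bot: The new section 3.22 lists only "250 OK" as the server reply and mentions the 514 line in passing; please give the 514 reply in the same quoted form and say that the connection is closed after it is sent. The text also says the lock holds "while the current session is open" but does not say what happens to the lock when that session ends without UNLOCK, or whether connections that were already open are affected. The wrapped lines ("the", "user.", "Port") have lost their "+" prefix in the mail and will need rewrapping before this applies.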
