[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4817 [Tor]: Control port authentication failures don't differentiate failure types



#4817: Control port authentication failures don't differentiate failure types
-------------------------+-------------------------------------------
     Reporter:  atagar   |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  trivial  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  easy maybe-proposal tor-relay
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------

Comment (by atagar):

 Hi Nick. Now that I've thought about it some more what I was hoping for
 from stem's perspective was different status codes for "incorrect auth
 value" verses "incorrect auth type".

 Here's how tor responds to each auth type (except no auth since that's
 uninteresting as everything's accepted);

 ==============================

 Using Password Auth:

 {{{
 # (A) Attempt No Auth

 AUTHENTICATE
 515 Authentication failed: Password did not match HashedControlPassword
 value from configuration. Maybe you tried a plain text password? If so,
 the standard requires that you put it in double quotes.

 # (B) Attempt Password Auth (wrong value)

 AUTHENTICATE "my password"
 515 Authentication failed: Password did not match HashedControlPassword
 value from configuration

 # (C) Attempt Cookie Auth

 AUTHENTICATE
 b4c9e2effc93bbbf139dcc5c0fc15d0b890a9e7bf7c8bb49b1d34c2eb547c910
 515 Authentication failed: Password did not match HashedControlPassword
 value from configuration. Maybe you tried a plain text password? If so,
 the standard requires that you put it in double quotes.
 }}}

 Using Cookie Auth:

 {{{
 # (D) Attempt No Auth

 AUTHENTICATE
 515 Authentication failed: Wrong length on authentication cookie.

 # (E) Attempt Password Auth

 AUTHENTICATE "my password"
 515 Authentication failed: Wrong length on authentication cookie.

 # (F) Attempt Cookie Auth (wrong value)

 AUTHENTICATE
 b4c9e2effc93bbbf139dcc5c0fc15d0b890a9e7bf7c8bb49b1d34c2eb547c910
 515 Authentication failed: Authentication cookie did not match expected
 value.
 }}}

 ==============================

 From my perspective it would be nice if situations 'B' and 'F' had a
 distinct status code from the rest (rather than everything returning a
 515). Stem presently parses the response message to differentiate those
 cases so we can raise the appropriate exception.

 I realize that this is different from the original ask in the ticket which
 concerned the response when no credentials are provided. Again, feel free
 to resolve as 'wontfix', this is a very minor nit pick and doesn't apply
 if controllers check the PROTOCOLINFO first.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4817#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs