Re: [tor-bugs] #3958 [Torctl]: pytorctl should learn to try both CookieAuth and PasswordAuth

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#3958: pytorctl should learn to try both CookieAuth and PasswordAuth
--------------------+-------------------------------------------------------
 Reporter:  arma    |          Owner:  mikeperry   
     Type:  defect  |         Status:  needs_review
 Priority:  normal  |      Milestone:              
Component:  Torctl  |        Version:              
 Keywords:          |         Parent:  #3476       
   Points:          |   Actualpoints:              
--------------------+-------------------------------------------------------

Comment(by atagar):

 Tor closes its socket after a failed authentication attempt. This patch
 seems to work in practice because cookie auth failures are almost always
 with reading the cookie so we fail before issuing an AUTHENTICATE call.

 However, if the auth cookie somehow contains the _wrong_ auth value
 then...
 - torctl will send the cookie value to tor which is rejected, closing the
 socket
 - torctl will then fall back to sending the user's passphrase, which
 regardless of if it's correct or not will also fail because the socket is
 closed

 From what I recall of vidalia's handling I suspect it has a similar bug.
 I'm attempting to address this with stem by having socket objects that can
 reconnect after a failed connection attempt - see the ControlSocket and
 sublasses of...
 https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/socket.py

 All that said, this patch still gets TorCtl to a better place than it once
 was.

 Cheers! -Damian

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3958#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs