[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3958 [Torctl]: pytorctl should learn to try both CookieAuth and PasswordAuth
#3958: pytorctl should learn to try both CookieAuth and PasswordAuth
--------------------+-------------------------------------------------------
Reporter: arma | Owner: mikeperry
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Torctl | Version:
Keywords: | Parent: #3476
Points: | Actualpoints:
--------------------+-------------------------------------------------------
Comment(by atagar):
Oh, a bug with this patch: if the PROTOCOLINFO response has multiple auth
types and the authenticate() caller doesn't provide a passphrase then we
abort without trying cookie auth (see lines 1014-1016). This can be
trivially fixed by changing...
if AUTH_TYPE.PASSWORD in self._authTypes and secret == "":
to
if secret == "" and self._authTypes == (AUTH_TYPE.PASSWORD,):
This probably also means an issue with the edge case where the user
generated an empty password...
tor --hash-password ""
so I'd suggest changing the secret default value to None.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3958#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs