[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3958 [Torctl]: pytorctl should learn to try both CookieAuth and PasswordAuth



#3958: pytorctl should learn to try both CookieAuth and PasswordAuth
--------------------+-------------------------------------------------------
 Reporter:  arma    |          Owner:  mikeperry   
     Type:  defect  |         Status:  needs_review
 Priority:  normal  |      Milestone:              
Component:  Torctl  |        Version:              
 Keywords:          |         Parent:  #3476       
   Points:          |   Actualpoints:              
--------------------+-------------------------------------------------------

Comment(by atagar):

 Oh, a bug with this patch: if the PROTOCOLINFO response has multiple auth
 types and the authenticate() caller doesn't provide a passphrase then we
 abort without trying cookie auth (see lines 1014-1016). This can be
 trivially fixed by changing...

 if AUTH_TYPE.PASSWORD in self._authTypes and secret == "":

 to

 if secret == "" and self._authTypes == (AUTH_TYPE.PASSWORD,):

 This probably also means an issue with the edge case where the user
 generated an empty password...
 tor --hash-password ""

 so I'd suggest changing the secret default value to None.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3958#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs