Implement and use a generic auth. cookie initialization function.

Use the generic function for both the ControlPort cookie and the ExtORPort cookie. Also, place the global cookie variables in the heap so that we can pass them around more easily as pointers. Also also, fix the unit tests that broke by this change. Conflicts: src/or/config.h src/or/ext_orport.c
author: George Kadianakis <desnacked@riseup.net> 2013-06-04 20:00:28 +0300
committer: Nick Mathewson <nickm@torproject.org> 2013-08-15 12:03:37 -0400
commit: 33c3e60a376291faed073dcfb6c9b8a0098572a0 (patch)
tree: 85c817c417797c276b1a5849493773c5a5285408 /src/or/ext_orport.c
parent: 13784d47536704e8b2fea918ffe4f9bf8c019f88 (diff)
download: tor-33c3e60a376291faed073dcfb6c9b8a0098572a0.tar
tor-33c3e60a376291faed073dcfb6c9b8a0098572a0.tar.gz
1 files changed, 13 insertions, 39 deletions
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index ee50a87d6..272fef4d1 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -88,9 +88,6 @@ connection_ext_or_transition(or_connection_t *conn)
 #define EXT_OR_PORT_AUTH_COOKIE_LEN 32
 /** Length of the header of the cookie file. */
 #define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
-/** Total length of the cookie file. */
-#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN \
-  EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
 /** Static cookie file header. */
 #define EXT_OR_PORT_AUTH_COOKIE_HEADER "! Extended ORPort Auth Cookie !\x0a"
 /** Length of safe-cookie protocol hashes. */
@@ -112,7 +109,7 @@ STATIC int ext_or_auth_cookie_is_set = 0;
 /** If ext_or_auth_cookie_is_set, a secret cookie that we've stored to disk
  * and which we're using to authenticate controllers.  (If the controller can
  * read it off disk, it has permission to connect.) */
-STATIC char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN] = {0};
+STATIC uint8_t *ext_or_auth_cookie = NULL;
 
 /** Helper: Return a newly allocated string containing a path to the
  * file where we store our authentication cookie. */
@@ -128,50 +125,27 @@ get_ext_or_auth_cookie_file_name(void)
   }
 }
 
-/** Choose a random authentication cookie and write it to disk.
- * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. Return -1 if we can't
- * write the file, or 0 on success. */
+/* Initialize the cookie-based authentication system of the
+ * Extended ORPort. If <b>is_enabled</b> is 0, then disable the cookie
+ * authentication system. */
 int
 init_ext_or_cookie_authentication(int is_enabled)
 {
-  char *fname;
-  char cookie_file_string[EXT_OR_PORT_AUTH_COOKIE_FILE_LEN];
+  char *fname = NULL;
+  int retval;
 
   if (!is_enabled) {
     ext_or_auth_cookie_is_set = 0;
     return 0;
   }
 
-  /* We don't want to generate a new cookie every time we call
-   * options_act(). One should be enough. */
-  if (ext_or_auth_cookie_is_set)
-    return 0; /* all set */
-
-  if (crypto_rand(ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN) < 0)
-    return -1;
-  ext_or_auth_cookie_is_set = 1;
-
-  memcpy(cookie_file_string, EXT_OR_PORT_AUTH_COOKIE_HEADER,
-         EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN);
-  memcpy(cookie_file_string+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
-         ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN);
-
   fname = get_ext_or_auth_cookie_file_name();
-  if (write_bytes_to_file(fname, cookie_file_string,
-                          EXT_OR_PORT_AUTH_COOKIE_FILE_LEN, 1)) {
-    log_warn(LD_FS,"Error writing authentication cookie to %s.",
-             escaped(fname));
-    tor_free(fname);
-    return -1;
-  }
-
-  log_info(LD_GENERAL, "Generated Extended ORPort cookie file in '%s'.",
-           fname);
-
-  memwipe(cookie_file_string, 0, sizeof(cookie_file_string));
+  retval = init_cookie_authentication(fname, EXT_OR_PORT_AUTH_COOKIE_HEADER,
+                                      EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
+                                      &ext_or_auth_cookie,
+                                      &ext_or_auth_cookie_is_set);
   tor_free(fname);
-  return 0;
+  return retval;
 }
 
 /** Read data from <b>conn</b> and see if the client sent us the
@@ -249,13 +223,13 @@ handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
            server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
 
     crypto_hmac_sha256(server_hash,
-                       ext_or_auth_cookie,
+                       (char*)ext_or_auth_cookie,
                        EXT_OR_PORT_AUTH_COOKIE_LEN,
                        hmac_s_msg,
                        hmac_s_msg_len);
 
     crypto_hmac_sha256(correct_client_hash,
-                       ext_or_auth_cookie,
+                       (char*)ext_or_auth_cookie,
                        EXT_OR_PORT_AUTH_COOKIE_LEN,
                        hmac_c_msg,
                        hmac_c_msg_len);
author	George Kadianakis <desnacked@riseup.net>	2013-06-04 20:00:28 +0300
committer	Nick Mathewson <nickm@torproject.org>	2013-08-15 12:03:37 -0400
commit	33c3e60a376291faed073dcfb6c9b8a0098572a0 (patch)
tree	85c817c417797c276b1a5849493773c5a5285408 /src/or/ext_orport.c
parent	13784d47536704e8b2fea918ffe4f9bf8c019f88 (diff)
download	tor-33c3e60a376291faed073dcfb6c9b8a0098572a0.tar tor-33c3e60a376291faed073dcfb6c9b8a0098572a0.tar.gz