Skip to content

tor: allow authenticating to control port using hashedpassword auth#1799

Open
3nprob wants to merge 4 commits intoJoinMarket-Org:masterfrom
3nprob:tor-control-pwauth
Open

tor: allow authenticating to control port using hashedpassword auth#1799
3nprob wants to merge 4 commits intoJoinMarket-Org:masterfrom
3nprob:tor-control-pwauth

Conversation

@3nprob
Copy link
Copy Markdown

@3nprob 3nprob commented Sep 24, 2025
edited
Loading

  • add configuration for tor_control_password for onion services
    • if this is configured, it will use HashedControlPassword instead of CookieAuthentication for the tor control port.

Resolves:

This was referenced Sep 24, 2025
Open
Closed
@3nprob 3nprob marked this pull request as ready for review September 24, 2025 08:30
@3nprob 3nprob force-pushed the tor-control-pwauth branch 2 times, most recently from fa07bd7 to a503472 Compare October 27, 2025 09:03
roshii
roshii suggested changes Oct 28, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@roshii roshii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggesting a few changes before merging. New functionality should be covered by unit tests too.

Comment thread docs/onion-message-channels.md Outdated
Comment thread scripts/snicker/snicker-server.py Outdated
Comment thread src/jmdaemon/onionmc.py Outdated
@3nprob 3nprob force-pushed the tor-control-pwauth branch 2 times, most recently from b7dd40e to b320752 Compare October 28, 2025 20:08
roshii
roshii reviewed Oct 29, 2025
View reviewed changes
Comment thread src/jmbase/twisted_utils.py
Comment on lines +188 to +191
if self.tor_control_password is None:
d = txtorcon.connect(reactor, control_endpoint)
else:
d = txtorcon.connect(reactor, control_endpoint, password_function=lambda : self.tor_control_password)
Copy link
Copy Markdown
Contributor

@roshii roshii Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if self.tor_control_password is None:
d = txtorcon.connect(reactor, control_endpoint)
else:
d = txtorcon.connect(reactor, control_endpoint, password_function=lambda : self.tor_control_password)
password_function = lambda : self.tor_control_password if self.tor_control_password else None
d = txtorcon.connect(reactor, control_endpoint, password_function=password_function)

Copy link
Copy Markdown
Author

@3nprob 3nprob Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find the former more readable. If maintainer prefer we can go with suggestion.

Comment thread src/jmdaemon/daemon_protocol.py Outdated
@3nprob 3nprob force-pushed the tor-control-pwauth branch from 3c21795 to 6a8db20 Compare November 1, 2025 02:21
3np and others added 4 commits November 1, 2025 02:29
tor: allow authenticating to control port using hashedpassword auth
7592b26 
- add configuration for tor_control_password for onion services
@3nprob @roshii
chore: Leading space for config comment
f08e759 
Co-authored-by: roshii <6266997+roshii@users.noreply.github.com>
@3nprob @roshii
use .get for accessing optional tor_control_password config entry
5dec884 
Co-authored-by: roshii <6266997+roshii@users.noreply.github.com>
test: add tor_control_password to test config
408124a
@3nprob 3nprob force-pushed the tor-control-pwauth branch from 6a8db20 to 408124a Compare November 1, 2025 02:30
@3nprob 3nprob requested a review from roshii November 1, 2025 03:35
@3nprob 3nprob mentioned this pull request Nov 1, 2025
Open
roshii
roshii reviewed Nov 1, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@roshii roshii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks overall ok, but needs to be covered by unit tests. we want to assess whether it behaves as intended: authenticating via password when provided in config, and via cookie when not.

@3nprob
Copy link
Copy Markdown
Author

3nprob commented Nov 1, 2025

this looks overall ok, but needs to be covered by unit tests. we want to assess whether it behaves as intended: authenticating via password when provided in config, and via cookie when not.

That sounds more like an integration test than a unit test?

Currently AFAICT no part of the tor configuration (including host and port) are currently tested this way and while I agree testing for all of them would be good, it requires significant new testing setup that IMO should be done separately and hopefully not be a blocker for supporting remote tor node.

@roshii
Copy link
Copy Markdown
Contributor

roshii commented Nov 2, 2025
edited
Loading

That sounds more like an integration test than a unit test?

should be unit tests.

  1. making sure config reads and loads password when set (may already be covered somehow)
  2. making sure service calls tor with intended config -- tor should be mocked here, we just it to assessed it'd called as expected

@theborakompanioni theborakompanioni mentioned this pull request Nov 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@roshii roshii roshii requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@3nprob @roshii