add saveconf control command.

allow authentication by localhost, but if tor demands more, require more.


svn:r2704

src/or/control.c

@@ -11,8 +11,8 @@
 #include "or.h"
 
 /* Protocol outline: a bidirectional stream, over which each side
- * sends a series of messages.  Each message has a two-byte typecode,
+ * sends a series of messages.  Each message has a two-byte length field,
- * a two-byte length field, and a variable-length body whose length is
+ * a two-byte typecode, and a variable-length body whose length is
  * given in the length field.
  *
  * By default, the server only sends messages in response to client messages.
@@ -37,7 +37,8 @@
 #define CONTROL_CMD_SETEVENTS    0x0005
 #define CONTROL_CMD_EVENT        0x0006
 #define CONTROL_CMD_AUTHENTICATE 0x0007
-#define _CONTROL_CMD_MAX_RECOGNIZED 0x0007
+#define CONTROL_CMD_SAFECONF     0x0008
+#define _CONTROL_CMD_MAX_RECOGNIZED 0x0008
 
 /* Recognized error codes. */
 #define ERR_UNSPECIFIED             0x0000
@@ -47,6 +48,7 @@
 #define ERR_UNRECOGNIZED_EVENT_CODE 0x0004
 #define ERR_UNAUTHORIZED_USER       0x0005
 #define ERR_FAILED_AUTHENTICATION   0x0006
+#define ERR_FAILED_SAVECONF         0x0007
 
 /* Recongized asynchonous event types. */
 #define _EVENT_MIN            0x0001
@@ -68,9 +70,10 @@ static const char * CONTROL_COMMANDS[] = {
   "setevents",
   "events",
   "authenticate",
+  "saveconf",
 };
 
-/** Bitfield: The bit 1&lt;&lt;e is be set if <b>any</b> open control
+/** Bitfield: The bit 1&lt;&lt;e is set if <b>any</b> open control
  * connection is interested in events of type <b>e</b>.  We use this
  * so that we can decide to skip generating event messages that nobody
  * is interest in without having to walk over the global connection
@@ -106,6 +109,8 @@ static int handle_control_setevents(connection_t *conn, uint16_t len,
                                     const char *body);
 static int handle_control_authenticate(connection_t *conn, uint16_t len,
                                        const char *body);
+static int handle_control_saveconf(connection_t *conn, uint16_t len,
+                                   const char *body);
 
 /** Given a possibly invalid message type code <b>cmd</b>, return a
  * human-readable string equivalent. */
@@ -324,8 +329,11 @@ handle_control_authenticate(connection_t *conn, uint16_t len, const char *body)
     secret_to_key(received,DIGEST_LEN,body,len,expected);
     if (!memcmp(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN))
       goto ok;
+    goto err;
   }
-  if (len == 0) { /* accept it for now */
+  if (len == 0) {
+    /* if Tor doesn't demand any stronger authentication, then
+     * the controller can get in with a blank auth line. */
     goto ok;
   }
 
@@ -339,6 +347,14 @@ handle_control_authenticate(connection_t *conn, uint16_t len, const char *body)
   return 0;
 }
 
+static int
+handle_control_saveconf(connection_t *conn, uint16_t len,
+                        const char *body)
+{
+  send_control_error(conn, ERR_FAILED_SAVECONF, "Not implemented");
+  return 0;
+}
+
 /** Called when <b>conn</b> has no more bytes left on its outbuf. */
 int
 connection_control_finished_flushing(connection_t *conn) {
@@ -412,6 +428,10 @@ connection_control_process_inbuf(connection_t *conn) {
       if (handle_control_authenticate(conn, body_len, body))
         return -1;
       break;
+    case CONTROL_CMD_SAFECONF:
+      if (handle_control_saveconf(conn, body_len, body))
+        return -1;
+      break;
     case CONTROL_CMD_ERROR:
     case CONTROL_CMD_DONE:
     case CONTROL_CMD_CONFVALUE: