From 6459498da424d441539afad3dd8079028ba0e9aa Mon Sep 17 00:00:00 2001
From: Micah Lee <micah@micahflee.com>
Date: Thu, 22 Dec 2016 13:39:32 -0800
Subject: [PATCH] Add support for Tor control port authentication

---
 onionshare/onion.py      | 19 +++++++++++++++----
 resources/locale/en.json |  2 ++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/onionshare/onion.py b/onionshare/onion.py
index b91105ef..b52429d3 100644
--- a/onionshare/onion.py
+++ b/onionshare/onion.py
@@ -20,6 +20,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from stem.control import Controller
 from stem import SocketError
+from stem.connection import MissingPassword, UnreadableCookieFile
 import os, sys, tempfile, shutil, urllib
 
 from . import socks
@@ -54,22 +55,32 @@ class Onion(object):
         self.cleanup_filenames = []
         self.service_id = None
 
-        # connect to the tor controlport
-        found_tor = False
-        self.c = None
+        # if the TOR_CONTROL_PORT environment variable is set, use that
+        # otherwise, default to Tor Browser, Tor Messenger, and system tor ports
         env_port = os.environ.get('TOR_CONTROL_PORT')
         if env_port:
             ports = [int(env_port)]
         else:
             ports = [9151, 9153, 9051]
+
+        # if the TOR_AUTHENTICATION_PASSWORD is set, use that to authenticate
+        password = os.environ.get('TOR_AUTHENTICATION_PASSWORD')
+
+        # connect to the tor controlport
+        found_tor = False
+        self.c = None
         for port in ports:
             try:
                 self.c = Controller.from_port(port=port)
-                self.c.authenticate()
+                self.c.authenticate(password)
                 found_tor = True
                 break
             except SocketError:
                 pass
+            except MissingPassword:
+                raise NoTor(strings._("ctrlport_missing_password").format(str(ports)))
+            except UnreadableCookieFile:
+                raise NoTor(strings._("ctrlport_unreadable_cookie").format(str(ports)))
         if not found_tor:
             raise NoTor(strings._("cant_connect_ctrlport").format(str(ports)))
 
diff --git a/resources/locale/en.json b/resources/locale/en.json
index b35cf178..3d958dbf 100644
--- a/resources/locale/en.json
+++ b/resources/locale/en.json
@@ -2,6 +2,8 @@
     "connecting_ctrlport": "Connecting to Tor control port to set up onion service on port {0:d}.",
     "cant_connect_ctrlport": "Can't connect to Tor control port on port {0:s}. OnionShare requires Tor Browser to be running in the background to work. If you don't have it you can get it from https://www.torproject.org/.",
     "cant_connect_socksport": "Can't connect to Tor SOCKS5 server on port {0:s}. OnionShare requires Tor Browser to be running in the background to work. If you don't have it you can get it from https://www.torproject.org/.",
+    "ctrlport_missing_password": "Connected to Tor control port on port {0:s}, but you require a password. You must have the TOR_AUTHENTICATION_PASSWORD environment variable set. Or just open Tor Browser in the background.",
+    "ctrlport_unreadable_cookie": "Connected to Tor control port on port {0:s}, but your user does not have permission to authenticate. You might want to add a HashedControlPassword to your torrc, and set the TOR_AUTHENTICATION_PASSWORD environment variable. Or just open Tor Browser in the background.",
     "preparing_files": "Preparing files to share.",
     "wait_for_hs": "Waiting for HS to be ready:",
     "wait_for_hs_trying": "Trying...",