highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-01-19 14:53:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

args: Support -norpccookiefile for bitcoind and bitcoin-cli

Browse Source 
Replaces belt & suspenders check for initialization in RPCAuthorized() with not allowing empty passwords further down.
This commit is contained in:
Hodlinator
2024-12-03 10:20:31 +01:00
parent e82ad88452
commit 39cbd4f37c
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/httprpc.cpp
View File

@@ -134,8 +134,6 @@ static bool multiUserAuthorized(std::string strUserPass)
static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
{
if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
return false;
if (strAuth.substr(0, 6) != "Basic ")
return false;
std::string_view strUserPass64 = TrimStringView(std::string_view{strAuth}.substr(6));
@@ -147,8 +145,9 @@ static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUserna
if (strUserPass.find(':') != std::string::npos)
strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':'));
//Check if authorized under single-user field
if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
// Check if authorized under single-user field.
// (strRPCUserColonPass is empty when -norpccookiefile is specified).
if (!strRPCUserColonPass.empty() && TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
return true;
}
return multiUserAuthorized(strUserPass);
@@ -294,8 +293,6 @@ static bool InitRPCAuthentication()
{
if (gArgs.GetArg("-rpcpassword", "") == "")
{
LogInfo("Using random cookie authentication.\n");
std::optional<fs::perms> cookie_perms{std::nullopt};
auto cookie_perms_arg{gArgs.GetArg("-rpccookieperms")};
if (cookie_perms_arg) {
@@ -307,9 +304,15 @@ static bool InitRPCAuthentication()
cookie_perms = *perm_opt;
}
assert(strRPCUserColonPass.empty()); // Only support initializing once
if (!GenerateAuthCookie(&strRPCUserColonPass, cookie_perms)) {
return false;
}
if (strRPCUserColonPass.empty()) {
LogInfo("RPC authentication cookie file generation is disabled.");
} else {
LogInfo("Using random cookie authentication.");
}
} else {
LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcauth for rpcauth auth generation.\n");
strRPCUserColonPass = gArgs.GetArg("-rpcuser", "") + ":" + gArgs.GetArg("-rpcpassword", "");