RPC: Add option -stdinrpcpass to bitcoin-cli to allow RPC password to be read from standard input #10997
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
I created an askpass utility program (https://github.com/jharvell/askpass) since I didn't find one to my liking. In particular, this one supports mult-line input which would be needed for -stdinrpcpass combined with -stdin. |
laanwj
reviewed
Aug 8, 2017
src/bitcoin-cli.cpp
Outdated
Member
There was a problem hiding this comment.
Suggestion: ForceSetArg("-rpcpassword", rpcPass) here, I think this avoids most of the other changes.
laanwj
reviewed
Aug 8, 2017
src/bitcoin-cli.cpp
Outdated
Member
There was a problem hiding this comment.
Please use throw std::runtime_error("-stdinrpcpass specified but failed to read from standard input"), this will do automatically the right thing (like adding error: in front, adding a newline and setting the return code).
Author
|
I realized I had committed with the wrong author email. So I did a rebase where I amended the author email. Both commits are the same content, just now with the correct author email (and hash). Also, let me know if you want me to do one last rebase and squash to a single commit if/before you merge to master. |
laanwj
reviewed
Aug 10, 2017
src/bitcoin-cli.cpp
Outdated
Member
There was a problem hiding this comment.
I don't understand this change. I think it's better to leave it out as it's not relevant to adding -stdinrpcpass, it also duplicates the credentials error which is a bit ugly.
Author
There was a problem hiding this comment.
Without this change, it is possible to specify an RPC password (either through explicit option for via -stdinrpcpass) without specifying an RPC user. In this case, the authentication token is ":<rpcpass>". I had assumed that this could never match and was an error. Now that I think about it, perhaps this was an intentional mechanism to allow an empty RPC user.
In any case, I will remove this change.
Author
There was a problem hiding this comment.
done.
Also, let me know if/when to rebase to combine these three commits into one.
Member
|
Looks good to me now utACK. Would be nice if someone could test, though.
Yes please. |
Contributor
|
utACK 4bd8775ec3ea1d32a15aad9ceb6fcf21694df9d6 (yes, please squash). |
Author
|
squashed to single commit |
Member
|
Tested ACK 79191f5 |
laanwj
added a commit
that referenced
this pull request
Aug 24, 2017
…PC password to be read from standard input 79191f5 Add option -stdinrpcpass to allow RPC password to be read from standard input (Joe Harvell) Pull request description: Add a new command-line option to bitcoin-cli that allows the RPC password to be read from standard intput. The purpose of this option is to allow secure RPC password input to bitcoin-cli through an external program that is capable of disabling terminal echo. This option works similarly to the existing -stdin option, and also works when combined with that option. I have also written a simple ncurses based program that disables echo, gets input from the terminal and writes to standard output. I couldn't find an existing askpass program that doesn't require graphics libraries, since they are primarily used for getting passwords in a graphics environment. Unless someone can point out a suitable existing askpass program, I plan to submit my ncurses program to the contrib directory separately from this pull request. Tree-SHA512: 6d426d757de325d928fab42ea8e423273a7dea9f838acb745ccf9f9daa2b47e23044ec1c019cda1a081253f5145fc10f79ae82dfe7f8e952e1f271ec56018e14
promag
reviewed
Aug 24, 2017
| } | ||
| std::string rpcPass; | ||
| if (gArgs.GetBoolArg("-stdinrpcpass", false)) { | ||
| if(!std::getline(std::cin,rpcPass)) |
Contributor
There was a problem hiding this comment.
Nit, missing spaces after if and , and missing {.
@laanwj I'm writing a test for bitcoin-cli, maybe add a commit there to fix these?
luke-jr
pushed a commit
to bitcoinknots/bitcoin
that referenced
this pull request
Sep 2, 2017
…rd input Github-Pull: bitcoin#10997 Rebased-From: 79191f5
laanwj
added a commit
that referenced
this pull request
Sep 6, 2017
29e1dfb [test] Add bitcoin-cli -stdin and -stdinrpcpass functional tests (João Barbosa) ce379b4 [test] Replace check_output with low level version (João Barbosa) 232e3e8 [test] Add assert_raises_process_error to assert process errors (João Barbosa) 5c18a84 [test] Add support for custom arguments to TestNodeCLI (João Barbosa) e127494 [test] Improve assert_raises_jsonrpc docstring (João Barbosa) 7696841 Fix style in -stdin and -stdinrpcpass handling (João Barbosa) Pull request description: This patch adds tests for `bitcoin-cli` options `-stdin` (#7550) and `-stdinrpcpass` #10997. Tree-SHA512: fd8133f44876f2b5b41dfd3762b1988598f6b7bf13fb2385ad95876825d9c0b2b896ce4ea6eeb21012158e1f276907f155d37bb967198b609d2d3dddbfa334c1
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Dec 9, 2019
…allow RPC password to be read from standard input 79191f5 Add option -stdinrpcpass to allow RPC password to be read from standard input (Joe Harvell) Pull request description: Add a new command-line option to bitcoin-cli that allows the RPC password to be read from standard intput. The purpose of this option is to allow secure RPC password input to bitcoin-cli through an external program that is capable of disabling terminal echo. This option works similarly to the existing -stdin option, and also works when combined with that option. I have also written a simple ncurses based program that disables echo, gets input from the terminal and writes to standard output. I couldn't find an existing askpass program that doesn't require graphics libraries, since they are primarily used for getting passwords in a graphics environment. Unless someone can point out a suitable existing askpass program, I plan to submit my ncurses program to the contrib directory separately from this pull request. Tree-SHA512: 6d426d757de325d928fab42ea8e423273a7dea9f838acb745ccf9f9daa2b47e23044ec1c019cda1a081253f5145fc10f79ae82dfe7f8e952e1f271ec56018e14
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Dec 9, 2019
…nal tests 29e1dfb [test] Add bitcoin-cli -stdin and -stdinrpcpass functional tests (João Barbosa) ce379b4 [test] Replace check_output with low level version (João Barbosa) 232e3e8 [test] Add assert_raises_process_error to assert process errors (João Barbosa) 5c18a84 [test] Add support for custom arguments to TestNodeCLI (João Barbosa) e127494 [test] Improve assert_raises_jsonrpc docstring (João Barbosa) 7696841 Fix style in -stdin and -stdinrpcpass handling (João Barbosa) Pull request description: This patch adds tests for `bitcoin-cli` options `-stdin` (bitcoin#7550) and `-stdinrpcpass` bitcoin#10997. Tree-SHA512: fd8133f44876f2b5b41dfd3762b1988598f6b7bf13fb2385ad95876825d9c0b2b896ce4ea6eeb21012158e1f276907f155d37bb967198b609d2d3dddbfa334c1
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 3, 2020
…allow RPC password to be read from standard input 79191f5 Add option -stdinrpcpass to allow RPC password to be read from standard input (Joe Harvell) Pull request description: Add a new command-line option to bitcoin-cli that allows the RPC password to be read from standard intput. The purpose of this option is to allow secure RPC password input to bitcoin-cli through an external program that is capable of disabling terminal echo. This option works similarly to the existing -stdin option, and also works when combined with that option. I have also written a simple ncurses based program that disables echo, gets input from the terminal and writes to standard output. I couldn't find an existing askpass program that doesn't require graphics libraries, since they are primarily used for getting passwords in a graphics environment. Unless someone can point out a suitable existing askpass program, I plan to submit my ncurses program to the contrib directory separately from this pull request. Tree-SHA512: 6d426d757de325d928fab42ea8e423273a7dea9f838acb745ccf9f9daa2b47e23044ec1c019cda1a081253f5145fc10f79ae82dfe7f8e952e1f271ec56018e14
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jan 3, 2020
…nal tests 29e1dfb [test] Add bitcoin-cli -stdin and -stdinrpcpass functional tests (João Barbosa) ce379b4 [test] Replace check_output with low level version (João Barbosa) 232e3e8 [test] Add assert_raises_process_error to assert process errors (João Barbosa) 5c18a84 [test] Add support for custom arguments to TestNodeCLI (João Barbosa) e127494 [test] Improve assert_raises_jsonrpc docstring (João Barbosa) 7696841 Fix style in -stdin and -stdinrpcpass handling (João Barbosa) Pull request description: This patch adds tests for `bitcoin-cli` options `-stdin` (bitcoin#7550) and `-stdinrpcpass` bitcoin#10997. Tree-SHA512: fd8133f44876f2b5b41dfd3762b1988598f6b7bf13fb2385ad95876825d9c0b2b896ce4ea6eeb21012158e1f276907f155d37bb967198b609d2d3dddbfa334c1 remove duplicate method Signed-off-by: Pasta <pasta@dashboost.org>
jasonbcox
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Oct 25, 2020
Summary: This includes a sentence in the documentation of `-stdin` that was missed while backporting [[bitcoin/bitcoin#10997 | PR10997]] (D1042), and the removal of a redundant `strprintf`. The double space was already removed in D3058. This is a backport of Core [[bitcoin/bitcoin#13905 | PR13905]] Test Plan: `ninja && ninja check` `bitcoin-cli -help` Reviewers: O1 Bitcoin ABC, #bitcoin_abc, deadalnix Reviewed By: O1 Bitcoin ABC, #bitcoin_abc, deadalnix Differential Revision: https://reviews.bitcoinabc.org/D8105
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a new command-line option to bitcoin-cli that allows the RPC password to be read from standard intput. The purpose of this option is to allow secure RPC password input to bitcoin-cli through an external program that is capable of disabling terminal echo.
This option works similarly to the existing -stdin option, and also works when combined with that option.
I have also written a simple ncurses based program that disables echo, gets input from the terminal and writes to standard output. I couldn't find an existing askpass program that doesn't require graphics libraries, since they are primarily used for getting passwords in a graphics environment. Unless someone can point out a suitable existing askpass program, I plan to submit my ncurses program to the contrib directory separately from this pull request.