diff options
| author | Gavin Andresen <gavinandresen@gmail.com> | 2012-02-06 15:10:30 -0500 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2012-02-06 15:10:30 -0500 |
| commit | 0b9a05a2bc1c1c6a86cdd9f25d43ab7224fd8731 (patch) | |
| tree | b79a991c9ed87288d7f4a820fb54d7627fa21216 | |
| parent | 30999ec6f93542197ea1692f49ea034e13017b4f (diff) | |
| parent | b04f301c8edb0d062864af58e20a65079f9624b7 (diff) | |
Merge branch 'rpcpassword' of https://github.com/gmaxwell/bitcoin
| -rw-r--r-- | src/bitcoinrpc.cpp | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/bitcoinrpc.cpp b/src/bitcoinrpc.cpp index 03c01f7b21..903bde8004 100644 --- a/src/bitcoinrpc.cpp +++ b/src/bitcoinrpc.cpp @@ -2368,18 +2368,25 @@ void ThreadRPCServer2(void* parg) printf("ThreadRPCServer started\n"); strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; - if (strRPCUserColonPass == ":") + if (mapArgs["-rpcpassword"] == "") { + unsigned char rand_pwd[32]; + RAND_bytes(rand_pwd, 32); string strWhatAmI = "To use bitcoind"; if (mapArgs.count("-server")) strWhatAmI = strprintf(_("To use the %s option"), "\"-server\""); else if (mapArgs.count("-daemon")) strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\""); PrintConsole( - _("Error: %s, you must set rpcpassword=<password>\nin the configuration file: %s\n" + _("Error: %s, you must set a rpcpassword in the configuration file:\n %s\n" + "It is recommended you use the following random password:\n" + "rpcuser=bitcoinrpc\n" + "rpcpassword=%s\n" + "(you do not need to remember this password)\n" "If the file does not exist, create it with owner-readable-only file permissions.\n"), strWhatAmI.c_str(), - GetConfigFile().c_str()); + GetConfigFile().c_str(), + EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32).c_str()); #ifndef QT_GUI CreateThread(Shutdown, NULL); #endif @@ -2468,12 +2475,14 @@ void ThreadRPCServer2(void* parg) } if (!HTTPAuthorized(mapHeaders)) { - // Deter brute-forcing short passwords - if (mapArgs["-rpcpassword"].size() < 15) - Sleep(50); + printf("ThreadRPCServer incorrect password attempt from %s\n",peer.address().to_string().c_str()); + /* Deter brute-forcing short passwords. + If this results in a DOS the user really + shouldn't have their RPC port exposed.*/ + if (mapArgs["-rpcpassword"].size() < 20) + Sleep(250); stream << HTTPReply(401, "") << std::flush; - printf("ThreadRPCServer incorrect password attempt\n"); continue; } |