Merge #10997: RPC: Add option -stdinrpcpass to bitcoin-cli to allow RPC password to be read from standard input

79191f5 Add option -stdinrpcpass to allow RPC password to be read from standard input (Joe Harvell) Pull request description: Add a new command-line option to bitcoin-cli that allows the RPC password to be read from standard intput. The purpose of this option is to allow secure RPC password input to bitcoin-cli through an external program that is capable of disabling terminal echo. This option works similarly to the existing -stdin option, and also works when combined with that option. I have also written a simple ncurses based program that disables echo, gets input from the terminal and writes to standard output. I couldn't find an existing askpass program that doesn't require graphics libraries, since they are primarily used for getting passwords in a graphics environment. Unless someone can point out a suitable existing askpass program, I plan to submit my ncurses program to the contrib directory separately from this pull request. Tree-SHA512: 6d426d757de325d928fab42ea8e423273a7dea9f838acb745ccf9f9daa2b47e23044ec1c019cda1a081253f5145fc10f79ae82dfe7f8e952e1f271ec56018e14
author: Wladimir J. van der Laan <laanwj@gmail.com> 2017-08-24 08:35:42 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2017-08-24 08:53:50 +0200
commit: affe9271aa4953ddbceb1bfe4e60838570272c56 (patch)
tree: bdd905bd0011143fdf161bd90eff36c4cbdf7770
parent: 00ada17230f7a76aba16bb60268f82f25dafcf3c (diff)
parent: 79191f51b50314920b387f5f7322427d14cbab19 (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp
index 8bec0289f5..fca6083ea8 100644
--- a/src/bitcoin-cli.cpp
+++ b/src/bitcoin-cli.cpp
@@ -45,7 +45,8 @@ std::string HelpMessageCli()
     strUsage += HelpMessageOpt("-rpcuser=<user>", _("Username for JSON-RPC connections"));
     strUsage += HelpMessageOpt("-rpcpassword=<pw>", _("Password for JSON-RPC connections"));
     strUsage += HelpMessageOpt("-rpcclienttimeout=<n>", strprintf(_("Timeout in seconds during HTTP requests, or 0 for no timeout. (default: %d)"), DEFAULT_HTTP_CLIENT_TIMEOUT));
-    strUsage += HelpMessageOpt("-stdin", _("Read extra arguments from standard input, one per line until EOF/Ctrl-D (recommended for sensitive information such as passphrases)"));
+    strUsage += HelpMessageOpt("-stdinrpcpass", strprintf(_("Read RPC password from standard input as a single line.  When combined with -stdin, the first line from standard input is used for the RPC password.")));
+    strUsage += HelpMessageOpt("-stdin", _("Read extra arguments from standard input, one per line until EOF/Ctrl-D (recommended for sensitive information such as passphrases).  When combined with -stdinrpcpass, the first line from standard input is used for the RPC password."));
     strUsage += HelpMessageOpt("-rpcwallet=<walletname>", _("Send RPC for non-default wallet on RPC server (argument is wallet filename in bitcoind directory, required if bitcoind/-Qt runs with multiple wallets)"));
 
     return strUsage;
@@ -190,7 +191,7 @@ static void http_error_cb(enum evhttp_request_error err, void *ctx)
 }
 #endif
 
-UniValue CallRPC(const std::string& strMethod, const UniValue& params)
+static UniValue CallRPC(const std::string& strMethod, const UniValue& params)
 {
     std::string host;
     // In preference order, we choose the following for the port:
@@ -222,7 +223,7 @@ UniValue CallRPC(const std::string& strMethod, const UniValue& params)
         // Try fall back to cookie-based authentication if no password is provided
         if (!GetAuthCookie(&strRPCUserColonPass)) {
             throw std::runtime_error(strprintf(
-                _("Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file (%s)"),
+                _("Could not locate RPC credentials. No authentication cookie could be found, and RPC password is not set.  See -rpcpassword and -stdinrpcpass.  Configuration file: (%s)"),
                     GetConfigFile(gArgs.GetArg("-conf", BITCOIN_CONF_FILENAME)).string().c_str()));
 
         }
@@ -293,6 +294,12 @@ int CommandLineRPC(int argc, char *argv[])
             argc--;
             argv++;
         }
+        std::string rpcPass;
+        if (gArgs.GetBoolArg("-stdinrpcpass", false)) {
+            if(!std::getline(std::cin,rpcPass))
+                throw std::runtime_error("-stdinrpcpass specified but failed to read from standard input");
+            gArgs.ForceSetArg("-rpcpassword", rpcPass);
+        }
         std::vector<std::string> args = std::vector<std::string>(&argv[1], &argv[argc]);
         if (gArgs.GetBoolArg("-stdin", false)) {
             // Read one arg per line from stdin and append
author	Wladimir J. van der Laan <laanwj@gmail.com>	2017-08-24 08:35:42 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2017-08-24 08:53:50 +0200
commit	affe9271aa4953ddbceb1bfe4e60838570272c56 (patch)
tree	bdd905bd0011143fdf161bd90eff36c4cbdf7770
parent	00ada17230f7a76aba16bb60268f82f25dafcf3c (diff)
parent	79191f51b50314920b387f5f7322427d14cbab19 (diff)