diff options
| author | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-02 18:36:01 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@protonmail.com> | 2019-10-02 18:37:14 +0200 |
| commit | f4a0d27e85754d60804ffa36e415b67c263180b9 (patch) | |
| tree | 9889686ebab2cd3c5e0c3f00b84cdbddbd6a15c8 /src | |
| parent | fecc1be23143476b981352e8516cf9cce0450d62 (diff) | |
| parent | 50c4afa3c420f11329cffb091b62beeb96b39183 (diff) | |
Merge #13716: bitcoin-cli: -stdinwalletpassphrase and non-echo stdin passwords
50c4afa3c420f11329cffb091b62beeb96b39183 add newline after -stdin* (Karl-Johan Alm)
7f11fba2e3c7b1e00ffb98504cdcfc2ded9c09cf cli: add -stdinwalletpassphrase for (slightly more) secure CLI (Karl-Johan Alm)
0da503e9475fea5644168544668581796bf66334 add stdin helpers for password input support (Karl-Johan Alm)
Pull request description:
This PR
* adds `-stdinwalletpassphrase` for use with `walletpasshprase(change)`
* adds no-echo for passwords (`-stdinrpcpass` and above)
It may not be ideal, but it's better than having to clear the screen whenever you unlock the wallet.
ACKs for top commit:
laanwj:
code review ACK 50c4afa3c420f11329cffb091b62beeb96b39183
Tree-SHA512: 473db8a303ff360ffaa36ac81a2f82be2136fa82696df0bc4f33cb44033a3ae258b5aa5bbcc1f101f88ae9abe9598ed564ce52877ab139bd5d709833f5275ec6
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/bitcoin-cli.cpp | 33 | ||||
| -rw-r--r-- | src/compat/stdin.cpp | 72 | ||||
| -rw-r--r-- | src/compat/stdin.h | 18 |
4 files changed, 124 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 1ef62a656d..d25f7ebe87 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -520,6 +520,8 @@ endif libbitcoin_cli_a_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) libbitcoin_cli_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) libbitcoin_cli_a_SOURCES = \ + compat/stdin.h \ + compat/stdin.cpp \ rpc/client.cpp \ $(BITCOIN_CORE_H) diff --git a/src/bitcoin-cli.cpp b/src/bitcoin-cli.cpp index a6756fcce7..73773c4ec5 100644 --- a/src/bitcoin-cli.cpp +++ b/src/bitcoin-cli.cpp @@ -27,6 +27,7 @@ #include <support/events.h> #include <univalue.h> +#include <compat/stdin.h> const std::function<std::string(const char*)> G_TRANSLATION_FUN = nullptr; @@ -58,7 +59,8 @@ static void SetupCliArgs() gArgs.AddArg("-rpcwait", "Wait for RPC server to start", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-rpcwallet=<walletname>", "Send RPC for non-default wallet on RPC server (needs to exactly match corresponding -wallet option passed to bitcoind). This changes the RPC endpoint used, e.g. http://127.0.0.1:8332/wallet/<walletname>", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-stdin", "Read extra arguments from standard input, one per line until EOF/Ctrl-D (recommended for sensitive information such as passphrases). When combined with -stdinrpcpass, the first line from standard input is used for the RPC password.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); - gArgs.AddArg("-stdinrpcpass", "Read RPC password from standard input as a single line. When combined with -stdin, the first line from standard input is used for the RPC password.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); + gArgs.AddArg("-stdinrpcpass", "Read RPC password from standard input as a single line. When combined with -stdin, the first line from standard input is used for the RPC password. When combined with -stdinwalletpassphrase, -stdinrpcpass consumes the first line, and -stdinwalletpassphrase consumes the second.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); + gArgs.AddArg("-stdinwalletpassphrase", "Read wallet passphrase from standard input as a single line. When combined with -stdin, the first line from standard input is used for the wallet passphrase.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); } /** libevent event log callback */ @@ -411,18 +413,47 @@ static int CommandLineRPC(int argc, char *argv[]) } std::string rpcPass; if (gArgs.GetBoolArg("-stdinrpcpass", false)) { + NO_STDIN_ECHO(); + if (!StdinReady()) { + fputs("RPC password> ", stderr); + fflush(stderr); + } if (!std::getline(std::cin, rpcPass)) { throw std::runtime_error("-stdinrpcpass specified but failed to read from standard input"); } + if (StdinTerminal()) { + fputc('\n', stdout); + } gArgs.ForceSetArg("-rpcpassword", rpcPass); } std::vector<std::string> args = std::vector<std::string>(&argv[1], &argv[argc]); + if (gArgs.GetBoolArg("-stdinwalletpassphrase", false)) { + NO_STDIN_ECHO(); + std::string walletPass; + if (args.size() < 1 || args[0].substr(0, 16) != "walletpassphrase") { + throw std::runtime_error("-stdinwalletpassphrase is only applicable for walletpassphrase(change)"); + } + if (!StdinReady()) { + fputs("Wallet passphrase> ", stderr); + fflush(stderr); + } + if (!std::getline(std::cin, walletPass)) { + throw std::runtime_error("-stdinwalletpassphrase specified but failed to read from standard input"); + } + if (StdinTerminal()) { + fputc('\n', stdout); + } + args.insert(args.begin() + 1, walletPass); + } if (gArgs.GetBoolArg("-stdin", false)) { // Read one arg per line from stdin and append std::string line; while (std::getline(std::cin, line)) { args.push_back(line); } + if (StdinTerminal()) { + fputc('\n', stdout); + } } std::unique_ptr<BaseRequestHandler> rh; std::string method; diff --git a/src/compat/stdin.cpp b/src/compat/stdin.cpp new file mode 100644 index 0000000000..4f2ba1e9c4 --- /dev/null +++ b/src/compat/stdin.cpp @@ -0,0 +1,72 @@ +// Copyright (c) 2018 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#if defined(HAVE_CONFIG_H) +#include <config/bitcoin-config.h> +#endif + +#include <cstdio> // for fileno(), stdin + +#ifdef WIN32 +#include <windows.h> // for SetStdinEcho() +#include <io.h> // for isatty() +#else +#include <termios.h> // for SetStdinEcho() +#include <unistd.h> // for SetStdinEcho(), isatty() +#include <sys/poll.h> // for StdinReady() +#endif + +#include <compat/stdin.h> + +// https://stackoverflow.com/questions/1413445/reading-a-password-from-stdcin +void SetStdinEcho(bool enable) +{ +#ifdef WIN32 + HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE); + DWORD mode; + GetConsoleMode(hStdin, &mode); + if (!enable) { + mode &= ~ENABLE_ECHO_INPUT; + } else { + mode |= ENABLE_ECHO_INPUT; + } + SetConsoleMode(hStdin, mode); +#else + struct termios tty; + tcgetattr(STDIN_FILENO, &tty); + if (!enable) { + tty.c_lflag &= ~ECHO; + } else { + tty.c_lflag |= ECHO; + } + (void)tcsetattr(STDIN_FILENO, TCSANOW, &tty); +#endif +} + +bool StdinTerminal() +{ +#ifdef WIN32 + return _isatty(_fileno(stdin)); +#else + return isatty(fileno(stdin)); +#endif +} + +bool StdinReady() +{ + if (!StdinTerminal()) { + return true; + } +#ifdef WIN32 + return false; +#else + struct pollfd fds; + fds.fd = 0; /* this is STDIN */ + fds.events = POLLIN; + return poll(&fds, 1, 0) == 1; +#endif +} + +NoechoInst::NoechoInst() { SetStdinEcho(false); } +NoechoInst::~NoechoInst() { SetStdinEcho(true); } diff --git a/src/compat/stdin.h b/src/compat/stdin.h new file mode 100644 index 0000000000..468fe4d6a6 --- /dev/null +++ b/src/compat/stdin.h @@ -0,0 +1,18 @@ +// Copyright (c) 2018 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_COMPAT_STDIN_H +#define BITCOIN_COMPAT_STDIN_H + +struct NoechoInst { + NoechoInst(); + ~NoechoInst(); +}; + +#define NO_STDIN_ECHO() NoechoInst _no_echo + +bool StdinTerminal(); +bool StdinReady(); + +#endif // BITCOIN_COMPAT_STDIN_H |