kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'rpcpassword' of https://github.com/gmaxwell/bitcoin

0.8
Gavin Andresen 13 years ago
parent
30999ec6f9 b04f301c8e
commit
0b9a05a2bc
1 changed files with 16 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      src/bitcoinrpc.cpp

23
src/bitcoinrpc.cpp
Unescape View File

@ -2368,18 +2368,25 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n"); printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (strRPCUserColonPass == ":") if (mapArgs["-rpcpassword"] == "")
{ {
unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32);
string strWhatAmI = "To use bitcoind"; string strWhatAmI = "To use bitcoind";
if (mapArgs.count("-server")) if (mapArgs.count("-server"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-server\""); strWhatAmI = strprintf(_("To use the %s option"), "\"-server\"");
else if (mapArgs.count("-daemon")) else if (mapArgs.count("-daemon"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\""); strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\"");
PrintConsole( PrintConsole(
_("Error: %s, you must set rpcpassword=<password>\nin the configuration file: %s\n" _("Error: %s, you must set a rpcpassword in the configuration file:\n %s\n"
"It is recommended you use the following random password:\n"
"rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n"
"(you do not need to remember this password)\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"), "If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(), strWhatAmI.c_str(),
GetConfigFile().c_str()); GetConfigFile().c_str(),
EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32).c_str());
#ifndef QT_GUI #ifndef QT_GUI
CreateThread(Shutdown, NULL); CreateThread(Shutdown, NULL);
#endif #endif
@ -2468,12 +2475,14 @@ void ThreadRPCServer2(void* parg)
} }
if (!HTTPAuthorized(mapHeaders)) if (!HTTPAuthorized(mapHeaders))
{ {
// Deter brute-forcing short passwords printf("ThreadRPCServer incorrect password attempt from %s\n",peer.address().to_string().c_str());
if (mapArgs["-rpcpassword"].size() < 15) /* Deter brute-forcing short passwords.
Sleep(50); If this results in a DOS the user really
shouldn't have their RPC port exposed.*/
if (mapArgs["-rpcpassword"].size() < 20)
Sleep(250);
stream << HTTPReply(401, "") << std::flush; stream << HTTPReply(401, "") << std::flush;
printf("ThreadRPCServer incorrect password attempt\n");
continue; continue;
} }

Write Preview
Loading…
Cancel
Save