Browse Source

Merge branch 'rpcpassword' of https://github.com/gmaxwell/bitcoin

0.8
Gavin Andresen 13 years ago
parent
commit
0b9a05a2bc
  1. 23
      src/bitcoinrpc.cpp

23
src/bitcoinrpc.cpp

@ -2368,18 +2368,25 @@ void ThreadRPCServer2(void* parg) @@ -2368,18 +2368,25 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (strRPCUserColonPass == ":")
if (mapArgs["-rpcpassword"] == "")
{
unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32);
string strWhatAmI = "To use bitcoind";
if (mapArgs.count("-server"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-server\"");
else if (mapArgs.count("-daemon"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\"");
PrintConsole(
_("Error: %s, you must set rpcpassword=<password>\nin the configuration file: %s\n"
_("Error: %s, you must set a rpcpassword in the configuration file:\n %s\n"
"It is recommended you use the following random password:\n"
"rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n"
"(you do not need to remember this password)\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(),
GetConfigFile().c_str());
GetConfigFile().c_str(),
EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32).c_str());
#ifndef QT_GUI
CreateThread(Shutdown, NULL);
#endif
@ -2468,12 +2475,14 @@ void ThreadRPCServer2(void* parg) @@ -2468,12 +2475,14 @@ void ThreadRPCServer2(void* parg)
}
if (!HTTPAuthorized(mapHeaders))
{
// Deter brute-forcing short passwords
if (mapArgs["-rpcpassword"].size() < 15)
Sleep(50);
printf("ThreadRPCServer incorrect password attempt from %s\n",peer.address().to_string().c_str());
/* Deter brute-forcing short passwords.
If this results in a DOS the user really
shouldn't have their RPC port exposed.*/
if (mapArgs["-rpcpassword"].size() < 20)
Sleep(250);
stream << HTTPReply(401, "") << std::flush;
printf("ThreadRPCServer incorrect password attempt\n");
continue;
}

Loading…
Cancel
Save