Browse Source

Merge branch 'rpcpassword' of https://github.com/gmaxwell/bitcoin

miguelfreitas
Gavin Andresen 13 years ago
parent
commit
0b9a05a2bc
  1. 23
      src/bitcoinrpc.cpp

23
src/bitcoinrpc.cpp

@ -2368,18 +2368,25 @@ void ThreadRPCServer2(void* parg)
printf("ThreadRPCServer started\n"); printf("ThreadRPCServer started\n");
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (strRPCUserColonPass == ":") if (mapArgs["-rpcpassword"] == "")
{ {
unsigned char rand_pwd[32];
RAND_bytes(rand_pwd, 32);
string strWhatAmI = "To use bitcoind"; string strWhatAmI = "To use bitcoind";
if (mapArgs.count("-server")) if (mapArgs.count("-server"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-server\""); strWhatAmI = strprintf(_("To use the %s option"), "\"-server\"");
else if (mapArgs.count("-daemon")) else if (mapArgs.count("-daemon"))
strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\""); strWhatAmI = strprintf(_("To use the %s option"), "\"-daemon\"");
PrintConsole( PrintConsole(
_("Error: %s, you must set rpcpassword=<password>\nin the configuration file: %s\n" _("Error: %s, you must set a rpcpassword in the configuration file:\n %s\n"
"It is recommended you use the following random password:\n"
"rpcuser=bitcoinrpc\n"
"rpcpassword=%s\n"
"(you do not need to remember this password)\n"
"If the file does not exist, create it with owner-readable-only file permissions.\n"), "If the file does not exist, create it with owner-readable-only file permissions.\n"),
strWhatAmI.c_str(), strWhatAmI.c_str(),
GetConfigFile().c_str()); GetConfigFile().c_str(),
EncodeBase58(&rand_pwd[0],&rand_pwd[0]+32).c_str());
#ifndef QT_GUI #ifndef QT_GUI
CreateThread(Shutdown, NULL); CreateThread(Shutdown, NULL);
#endif #endif
@ -2468,12 +2475,14 @@ void ThreadRPCServer2(void* parg)
} }
if (!HTTPAuthorized(mapHeaders)) if (!HTTPAuthorized(mapHeaders))
{ {
// Deter brute-forcing short passwords printf("ThreadRPCServer incorrect password attempt from %s\n",peer.address().to_string().c_str());
if (mapArgs["-rpcpassword"].size() < 15) /* Deter brute-forcing short passwords.
Sleep(50); If this results in a DOS the user really
shouldn't have their RPC port exposed.*/
if (mapArgs["-rpcpassword"].size() < 20)
Sleep(250);
stream << HTTPReply(401, "") << std::flush; stream << HTTPReply(401, "") << std::flush;
printf("ThreadRPCServer incorrect password attempt\n");
continue; continue;
} }

Loading…
Cancel
Save