Use rpcauth for btc authentication rather than user/pass

This commit is contained in:
Taylor Helsper 2019-08-19 20:36:58 -05:00
parent e821e7c8bb
commit 35a47949de
9 changed files with 89 additions and 16 deletions

View File

@ -12,9 +12,12 @@ daemon=1
txindex=1
# Connection settings
rpcuser=mynode
#rpcuser=mynode
# This password was randomly generated by your device. Changing it may cause problems.
rpcpassword=bolt
#rpcpassword=bolt
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
rpcport=8332
rpcbind=127.0.0.1
rpcallowip=127.0.0.1

View File

@ -12,9 +12,12 @@ daemon=1
txindex=1
# Connection settings
rpcuser=mynode
#rpcuser=mynode
# This password was randomly generated by your device. Changing it may cause problems.
rpcpassword=bolt
#rpcpassword=bolt
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
rpcport=8332
rpcbind=127.0.0.1
rpcallowip=127.0.0.1

View File

@ -10,6 +10,7 @@ ExecStartPre=/usr/bin/wait_on_uploader.sh
ExecStartPre=/bin/sh -c 'cat /mnt/hdd/mynode/quicksync/.quicksync_complete'
EnvironmentFile=/mnt/hdd/mynode/bitcoin/env
ExecStart=/usr/local/bin/bitcoind -daemon $BTCARGS -deprecatedrpc=accounts -par=-1 -conf=/home/bitcoin/.bitcoin/bitcoin.conf -printtoconsole -pid=/home/bitcoin/.bitcoin/bitcoind.pid
ExecStartPost=+/usr/bin/mynode_post_bitcoin.sh
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid
User=bitcoin
Group=bitcoin

View File

@ -0,0 +1,46 @@
#!/usr/bin/env python3
# Copyright (c) 2015-2018 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
from argparse import ArgumentParser
from base64 import urlsafe_b64encode
from binascii import hexlify
from getpass import getpass
from os import urandom
import hmac
def generate_salt(size):
"""Create size byte hex salt"""
return hexlify(urandom(size)).decode()
def generate_password():
"""Create 32 byte b64 password"""
return urlsafe_b64encode(urandom(32)).decode('utf-8')
def password_to_hmac(salt, password):
m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
return m.hexdigest()
def main():
parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
parser.add_argument('username', help='the username for authentication')
parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
args = parser.parse_args()
if not args.password:
args.password = generate_password()
elif args.password == '-':
args.password = getpass()
# Create 16 byte hex salt
salt = generate_salt(16)
password_hmac = password_to_hmac(salt, args.password)
#print('String to be appended to bitcoin.conf:')
print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
#print('Your password:\n{0}'.format(args.password))
if __name__ == '__main__':
main()

View File

@ -0,0 +1,14 @@
#!/bin/bash
source /usr/share/mynode/mynode_config.sh
set -x
sleep 60s
# Give admin the ability to access the BTC cookie
cp -f /mnt/hdd/mynode/bitcoin/.cookie /home/admin/.bitcoin/.cookie
chown admin:admin /home/admin/.bitcoin/.cookie
# Sync FS
sync

View File

@ -102,7 +102,9 @@ fi
cp -f /usr/share/mynode/bitcoin.conf /mnt/hdd/mynode/bitcoin/bitcoin.conf
PW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
RPCAUTH=$(gen_rpcauth.py mynode $PW)
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
chown bitcoin:bitcoin /mnt/hdd/mynode/bitcoin/bitcoin.conf
@ -134,14 +136,12 @@ fi
echo "BTC_RPC_PASSWORD=$PW" > /mnt/hdd/mynode/settings/.btcrpc_environment
chown bitcoin:bitcoin /mnt/hdd/mynode/settings/.btcrpc_environment
if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]; then
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
fi
if [ -f /home/admin/.bitcoin/bitcoin.conf ]; then
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /home/admin/.bitcoin/bitcoin.conf
else
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
fi
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
# Reset BTCARGS
echo "BTCARGS=" > /mnt/hdd/mynode/bitcoin/env

View File

@ -1,5 +1,8 @@
#!/bin/bash
set -x
set -e
# Wait to see if bitcoind is synced
echo "Checking if Bitcoin is synced..."
while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
@ -8,6 +11,6 @@ while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
done
# And finally, make sure bitcoind responds to API requests
bitcoin-cli -rpcwait getblockchaininfo
bitcoin-cli -datadir=/mnt/hdd/mynode/bitcoin -rpcwait getblockchaininfo
exit 0

View File

@ -12,9 +12,12 @@ daemon=1
txindex=1
# Connection settings
rpcuser=mynode
#rpcuser=mynode
# This password was randomly generated by your device. Changing it may cause problems.
rpcpassword=bolt
#rpcpassword=bolt
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
rpcport=8332
rpcbind=127.0.0.1
rpcallowip=127.0.0.1

View File

@ -9,7 +9,7 @@ mynode_bitcoin_cli = Blueprint('mynode_bitcoin_cli',__name__)
### Helper functions
def runcmd(cmd):
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf "+cmd+"; exit 0"
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf --datadir=/mnt/hdd/mynode/bitcoin "+cmd+"; exit 0"
try:
results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
except Exception as e: