From 35a47949deab44cbec55e22fdc30d2466b0c2330 Mon Sep 17 00:00:00 2001 From: Taylor Helsper Date: Mon, 19 Aug 2019 20:36:58 -0500 Subject: [PATCH] Use rpcauth for btc authentication rather than user/pass --- rootfs/raspi3/usr/share/mynode/bitcoin.conf | 7 ++- rootfs/raspi4/usr/share/mynode/bitcoin.conf | 7 ++- .../etc/systemd/system/bitcoind.service | 1 + rootfs/standard/usr/bin/gen_rpcauth.py | 46 +++++++++++++++++++ .../standard/usr/bin/mynode_post_bitcoin.sh | 14 ++++++ rootfs/standard/usr/bin/mynode_startup.sh | 16 +++---- rootfs/standard/usr/bin/wait_on_bitcoin.sh | 5 +- rootfs/standard/usr/share/mynode/bitcoin.conf | 7 ++- rootfs/standard/var/www/mynode/bitcoin_cli.py | 2 +- 9 files changed, 89 insertions(+), 16 deletions(-) create mode 100755 rootfs/standard/usr/bin/gen_rpcauth.py create mode 100755 rootfs/standard/usr/bin/mynode_post_bitcoin.sh diff --git a/rootfs/raspi3/usr/share/mynode/bitcoin.conf b/rootfs/raspi3/usr/share/mynode/bitcoin.conf index 9fd0be9d..db39efbb 100644 --- a/rootfs/raspi3/usr/share/mynode/bitcoin.conf +++ b/rootfs/raspi3/usr/share/mynode/bitcoin.conf @@ -12,9 +12,12 @@ daemon=1 txindex=1 # Connection settings -rpcuser=mynode +#rpcuser=mynode # This password was randomly generated by your device. Changing it may cause problems. -rpcpassword=bolt +#rpcpassword=bolt + +rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4 + rpcport=8332 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/rootfs/raspi4/usr/share/mynode/bitcoin.conf b/rootfs/raspi4/usr/share/mynode/bitcoin.conf index 2055e849..52acf01d 100644 --- a/rootfs/raspi4/usr/share/mynode/bitcoin.conf +++ b/rootfs/raspi4/usr/share/mynode/bitcoin.conf 
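Review bot: The `rpcauth=mynode:7b7e11c0…` line added here is a fixed salt and hash baked into the image, and the same value appears in the raspi4 and standard bitcoin.conf hunks, so every device shares one valid RPC credential until mynode_startup.sh rewrites the line. If that rewrite is skipped or fails, bitcoind keeps accepting the shipped credential (on 127.0.0.1 only, going by the `rpcbind`/`rpcallowip` context lines). I would ship a value that cannot authenticate, for example `rpcauth=mynode:SET_AT_FIRST_BOOT` (constructed placeholder; how bitcoind treats a malformed entry should be checked), so a failed substitution is visible rather than silent. The comment `# This password was randomly generated by your device.` now sits above a commented-out line and should move above `rpcauth=`.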
@@ -12,9 +12,12 @@ daemon=1 txindex=1 # Connection settings -rpcuser=mynode +#rpcuser=mynode # This password was randomly generated by your device. Changing it may cause problems. -rpcpassword=bolt +#rpcpassword=bolt + +rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4 + rpcport=8332 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/rootfs/standard/etc/systemd/system/bitcoind.service b/rootfs/standard/etc/systemd/system/bitcoind.service index 25845f7d..c6e09316 100644 --- a/rootfs/standard/etc/systemd/system/bitcoind.service +++ b/rootfs/standard/etc/systemd/system/bitcoind.service @@ -10,6 +10,7 @@ ExecStartPre=/usr/bin/wait_on_uploader.sh ExecStartPre=/bin/sh -c 'cat /mnt/hdd/mynode/quicksync/.quicksync_complete' EnvironmentFile=/mnt/hdd/mynode/bitcoin/env ExecStart=/usr/local/bin/bitcoind -daemon $BTCARGS -deprecatedrpc=accounts -par=-1 -conf=/home/bitcoin/.bitcoin/bitcoin.conf -printtoconsole -pid=/home/bitcoin/.bitcoin/bitcoind.pid +ExecStartPost=+/usr/bin/mynode_post_bitcoin.sh PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid User=bitcoin Group=bitcoin diff --git a/rootfs/standard/usr/bin/gen_rpcauth.py b/rootfs/standard/usr/bin/gen_rpcauth.py new file mode 100755 index 00000000..04baa84e --- /dev/null +++ b/rootfs/standard/usr/bin/gen_rpcauth.py 
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# Copyright (c) 2015-2018 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+from argparse import ArgumentParser
+from base64 import urlsafe_b64encode
+from binascii import hexlify
+from getpass import getpass
+from os import urandom
+
+import hmac
+
+def generate_salt(size):
+ """Create size byte hex salt"""
+ return hexlify(urandom(size)).decode()
+
+def generate_password():
+ """Create 32 byte b64 password"""
+ return urlsafe_b64encode(urandom(32)).decode('utf-8')
+
+def password_to_hmac(salt, password):
+ m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+ return m.hexdigest()
+
+def main():
+ parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
+ parser.add_argument('username', help='the username for authentication')
+ parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
+ args = parser.parse_args()
+
+ if not args.password:
+ args.password = generate_password()
+ elif args.password == '-':
+ args.password = getpass()
+
+ # Create 16 byte hex salt
+ salt = generate_salt(16)
+ password_hmac = password_to_hmac(salt, args.password)
+
+ #print('String to be appended to bitcoin.conf:')
+ print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
+ #print('Your password:\n{0}'.format(args.password))
+
+if __name__ == '__main__':
+ main()
diff --git a/rootfs/standard/usr/bin/mynode_post_bitcoin.sh b/rootfs/standard/usr/bin/mynode_post_bitcoin.sh
new file mode 100755
index 00000000..6794df90
--- /dev/null
+++ b/rootfs/standard/usr/bin/mynode_post_bitcoin.sh
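Review bot: In `main()` of gen_rpcauth.py, an empty or missing password argument still falls through to `generate_password()`, but the `print('Your password: …')` line is commented out, so the generated secret is never shown and the emitted `rpcauth=` line matches a password nobody has. mynode_startup.sh calls the script as `gen_rpcauth.py mynode $PW`, so an empty `.btcrpcpw` would take exactly this path and silently break every password-based client. Since this copy is only called non-interactively in this commit, reject the case instead: `if not args.password: parser.error('password is required')`. The file appears to be a modified copy of the Bitcoin Core script under an unchanged copyright header; a comment such as `# Modified for myNode: prints only the rpcauth line` would record that, and `password_to_hmac` is the only helper without a docstring.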
@@ -0,0 +1,14 @@ +#!/bin/bash + +source /usr/share/mynode/mynode_config.sh + +set -x + +sleep 60s + +# Give admin the ability to access the BTC cookie +cp -f /mnt/hdd/mynode/bitcoin/.cookie /home/admin/.bitcoin/.cookie +chown admin:admin /home/admin/.bitcoin/.cookie + +# Sync FS +sync \ No newline at end of file diff --git a/rootfs/standard/usr/bin/mynode_startup.sh b/rootfs/standard/usr/bin/mynode_startup.sh index 033c60d2..07243920 100755 --- a/rootfs/standard/usr/bin/mynode_startup.sh +++ b/rootfs/standard/usr/bin/mynode_startup.sh @@ -102,7 +102,9 @@ fi cp -f /usr/share/mynode/bitcoin.conf /mnt/hdd/mynode/bitcoin/bitcoin.conf PW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw) -sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf +RPCAUTH=$(gen_rpcauth.py mynode $PW) +#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf +sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf chown bitcoin:bitcoin /mnt/hdd/mynode/bitcoin/bitcoin.conf 
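Review bot: In mynode_post_bitcoin.sh the cookie copy depends on a fixed `sleep 60s` and never checks that `/mnt/hdd/mynode/bitcoin/.cookie` exists, and without `set -e` a failed `cp` is followed by `chown` and `sync`, so the script exits 0 with no usable cookie (or a stale one) in `/home/admin/.bitcoin`. Because bitcoind.service runs it as `ExecStartPost=+…`, it executes with full privileges and keeps the unit in its start phase for the whole minute. I would poll for the file with a bound and copy it with explicit owner and mode in one step, as below; the cookie grants full RPC access, so the copy should never be readable by anyone but admin.

```shell
# … unchanged: source mynode_config.sh, set -x …
COOKIE=/mnt/hdd/mynode/bitcoin/.cookie
for _ in $(seq 1 60); do
    [ -f "$COOKIE" ] && break
    sleep 1
done
# install sets owner and mode in the same step as the copy
install -m 600 -o admin -g admin "$COOKIE" /home/admin/.bitcoin/.cookie
# … unchanged: sync …
```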
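Review bot: In the first mynode_startup.sh hunk, `RPCAUTH=$(gen_rpcauth.py mynode $PW)` is used without checking the result, so if the script fails or is not on PATH the following `sed` replaces the `rpcauth=` line with an empty string and bitcoind starts with no password credential at all. `$PW` is also unquoted, and passing it as an argument exposes the RPC password in the process list for the duration of the call. At minimum quote it and guard the substitution: `RPCAUTH=$(gen_rpcauth.py mynode "$PW")` followed by `[ -n "$RPCAUTH" ] || echo "gen_rpcauth.py failed" >&2`, skipping the `sed` in that case. The commented-out `#sed … rpcpassword` line can be deleted rather than kept; the surrounding block starts and ends outside the hunk.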
@@ -134,14 +136,12 @@ fi echo "BTC_RPC_PASSWORD=$PW" > /mnt/hdd/mynode/settings/.btcrpc_environment chown bitcoin:bitcoin /mnt/hdd/mynode/settings/.btcrpc_environment if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]; then - sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf -fi -if [ -f /home/admin/.bitcoin/bitcoin.conf ]; then - sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /home/admin/.bitcoin/bitcoin.conf -else - cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf - chown admin:admin /home/admin/.bitcoin/bitcoin.conf + #sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf + sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf fi +cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf +chown admin:admin /home/admin/.bitcoin/bitcoin.conf + # Reset BTCARGS echo "BTCARGS=" > /mnt/hdd/mynode/bitcoin/env diff --git a/rootfs/standard/usr/bin/wait_on_bitcoin.sh b/rootfs/standard/usr/bin/wait_on_bitcoin.sh index c9b0531f..e051f737 100755 --- a/rootfs/standard/usr/bin/wait_on_bitcoin.sh +++ b/rootfs/standard/usr/bin/wait_on_bitcoin.sh @@ -1,5 +1,8 @@ #!/bin/bash +set -x +set -e + # Wait to see if bitcoind is synced echo "Checking if Bitcoin is synced..." while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do @@ -8,6 +11,6 @@ while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do done # And finally, make sure bitcoind responds to API requests -bitcoin-cli -rpcwait getblockchaininfo +bitcoin-cli -datadir=/mnt/hdd/mynode/bitcoin -rpcwait getblockchaininfo exit 0 \ No newline at end of file diff --git a/rootfs/standard/usr/share/mynode/bitcoin.conf b/rootfs/standard/usr/share/mynode/bitcoin.conf index 2055e849..52acf01d 100644 --- a/rootfs/standard/usr/share/mynode/bitcoin.conf +++ b/rootfs/standard/usr/share/mynode/bitcoin.conf 
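Review bot: In the second mynode_startup.sh hunk, `cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf` is now unconditional while the `sed` just above it is still guarded by `if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]`, so when that file is absent the `cp` fails and `chown` runs on whatever was already in admin's home. Moving the `cp`/`chown` inside the `if` keeps the two steps consistent. This hunk also reuses `$RPCAUTH` computed about thirty lines earlier; if `$PW` is reassigned in between (not visible here), the hash written to bitcoin.conf would no longer match the password written to `.btcrpc_environment`, so regenerating it next to the `echo "BTC_RPC_PASSWORD=$PW"` line would be safer. The block begins outside the hunk.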
@@ -12,9 +12,12 @@ daemon=1 txindex=1 # Connection settings -rpcuser=mynode +#rpcuser=mynode # This password was randomly generated by your device. Changing it may cause problems. -rpcpassword=bolt +#rpcpassword=bolt + +rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4 + rpcport=8332 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/rootfs/standard/var/www/mynode/bitcoin_cli.py b/rootfs/standard/var/www/mynode/bitcoin_cli.py index cef6b6a7..c8781962 100644 --- a/rootfs/standard/var/www/mynode/bitcoin_cli.py +++ b/rootfs/standard/var/www/mynode/bitcoin_cli.py @@ -9,7 +9,7 @@ mynode_bitcoin_cli = Blueprint('mynode_bitcoin_cli',__name__) ### Helper functions def runcmd(cmd): - cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf "+cmd+"; exit 0" + cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf --datadir=/mnt/hdd/mynode/bitcoin "+cmd+"; exit 0" try: results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True) except Exception as e:
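Review bot: The changed line in `runcmd` (bitcoin_cli.py) still concatenates `cmd` into a string that is run with `shell=True`, so any shell metacharacter in `cmd` is interpreted by the shell; if `cmd` can come from a web request (the Blueprint context suggests it might, but the callers are outside the hunk), that is command injection. Passing an argument list avoids the shell: `args = ["bitcoin-cli", "--conf=/home/admin/.bitcoin/bitcoin.conf", "--datadir=/mnt/hdd/mynode/bitcoin"] + shlex.split(cmd)` with `subprocess.check_output(args, stderr=subprocess.STDOUT)`, catching `subprocess.CalledProcessError` to keep the output that `; exit 0` currently preserves. Separately, `--datadir=/mnt/hdd/mynode/bitcoin` makes bitcoin-cli look for `.cookie` in that directory, while this commit copies the cookie to `/home/admin/.bitcoin/`; it is worth confirming which credential this call is meant to use. The rest of `runcmd` is outside the hunk.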