Use rpcauth for btc authentication rather than user/pass
This commit is contained in:
parent
e821e7c8bb
commit
35a47949de
|
@ -12,9 +12,12 @@ daemon=1
|
||||||
txindex=1
|
txindex=1
|
||||||
|
|
||||||
# Connection settings
|
# Connection settings
|
||||||
rpcuser=mynode
|
#rpcuser=mynode
|
||||||
# This password was randomly generated by your device. Changing it may cause problems.
|
# This password was randomly generated by your device. Changing it may cause problems.
|
||||||
rpcpassword=bolt
|
#rpcpassword=bolt
|
||||||
|
|
||||||
|
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||||
|
|
||||||
rpcport=8332
|
rpcport=8332
|
||||||
rpcbind=127.0.0.1
|
rpcbind=127.0.0.1
|
||||||
rpcallowip=127.0.0.1
|
rpcallowip=127.0.0.1
|
||||||
|
|
|
@ -12,9 +12,12 @@ daemon=1
|
||||||
txindex=1
|
txindex=1
|
||||||
|
|
||||||
# Connection settings
|
# Connection settings
|
||||||
rpcuser=mynode
|
#rpcuser=mynode
|
||||||
# This password was randomly generated by your device. Changing it may cause problems.
|
# This password was randomly generated by your device. Changing it may cause problems.
|
||||||
rpcpassword=bolt
|
#rpcpassword=bolt
|
||||||
|
|
||||||
|
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||||
|
|
||||||
rpcport=8332
|
rpcport=8332
|
||||||
rpcbind=127.0.0.1
|
rpcbind=127.0.0.1
|
||||||
rpcallowip=127.0.0.1
|
rpcallowip=127.0.0.1
|
||||||
|
|
|
@ -10,6 +10,7 @@ ExecStartPre=/usr/bin/wait_on_uploader.sh
|
||||||
ExecStartPre=/bin/sh -c 'cat /mnt/hdd/mynode/quicksync/.quicksync_complete'
|
ExecStartPre=/bin/sh -c 'cat /mnt/hdd/mynode/quicksync/.quicksync_complete'
|
||||||
EnvironmentFile=/mnt/hdd/mynode/bitcoin/env
|
EnvironmentFile=/mnt/hdd/mynode/bitcoin/env
|
||||||
ExecStart=/usr/local/bin/bitcoind -daemon $BTCARGS -deprecatedrpc=accounts -par=-1 -conf=/home/bitcoin/.bitcoin/bitcoin.conf -printtoconsole -pid=/home/bitcoin/.bitcoin/bitcoind.pid
|
ExecStart=/usr/local/bin/bitcoind -daemon $BTCARGS -deprecatedrpc=accounts -par=-1 -conf=/home/bitcoin/.bitcoin/bitcoin.conf -printtoconsole -pid=/home/bitcoin/.bitcoin/bitcoind.pid
|
||||||
|
ExecStartPost=+/usr/bin/mynode_post_bitcoin.sh
|
||||||
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid
|
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid
|
||||||
User=bitcoin
|
User=bitcoin
|
||||||
Group=bitcoin
|
Group=bitcoin
|
||||||
|
|
46
rootfs/standard/usr/bin/gen_rpcauth.py
Executable file
46
rootfs/standard/usr/bin/gen_rpcauth.py
Executable file
|
@ -0,0 +1,46 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# Copyright (c) 2015-2018 The Bitcoin Core developers
|
||||||
|
# Distributed under the MIT software license, see the accompanying
|
||||||
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
from argparse import ArgumentParser
|
||||||
|
from base64 import urlsafe_b64encode
|
||||||
|
from binascii import hexlify
|
||||||
|
from getpass import getpass
|
||||||
|
from os import urandom
|
||||||
|
|
||||||
|
import hmac
|
||||||
|
|
||||||
|
def generate_salt(size):
|
||||||
|
"""Create size byte hex salt"""
|
||||||
|
return hexlify(urandom(size)).decode()
|
||||||
|
|
||||||
|
def generate_password():
|
||||||
|
"""Create 32 byte b64 password"""
|
||||||
|
return urlsafe_b64encode(urandom(32)).decode('utf-8')
|
||||||
|
|
||||||
|
def password_to_hmac(salt, password):
|
||||||
|
m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
|
||||||
|
return m.hexdigest()
|
||||||
|
|
||||||
|
def main():
|
||||||
|
parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
|
||||||
|
parser.add_argument('username', help='the username for authentication')
|
||||||
|
parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if not args.password:
|
||||||
|
args.password = generate_password()
|
||||||
|
elif args.password == '-':
|
||||||
|
args.password = getpass()
|
||||||
|
|
||||||
|
# Create 16 byte hex salt
|
||||||
|
salt = generate_salt(16)
|
||||||
|
password_hmac = password_to_hmac(salt, args.password)
|
||||||
|
|
||||||
|
#print('String to be appended to bitcoin.conf:')
|
||||||
|
print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
|
||||||
|
#print('Your password:\n{0}'.format(args.password))
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
14
rootfs/standard/usr/bin/mynode_post_bitcoin.sh
Executable file
14
rootfs/standard/usr/bin/mynode_post_bitcoin.sh
Executable file
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
source /usr/share/mynode/mynode_config.sh
|
||||||
|
|
||||||
|
set -x
|
||||||
|
|
||||||
|
sleep 60s
|
||||||
|
|
||||||
|
# Give admin the ability to access the BTC cookie
|
||||||
|
cp -f /mnt/hdd/mynode/bitcoin/.cookie /home/admin/.bitcoin/.cookie
|
||||||
|
chown admin:admin /home/admin/.bitcoin/.cookie
|
||||||
|
|
||||||
|
# Sync FS
|
||||||
|
sync
|
|
@ -102,7 +102,9 @@ fi
|
||||||
cp -f /usr/share/mynode/bitcoin.conf /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
cp -f /usr/share/mynode/bitcoin.conf /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
|
|
||||||
PW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
|
PW=$(cat /mnt/hdd/mynode/settings/.btcrpcpw)
|
||||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
RPCAUTH=$(gen_rpcauth.py mynode $PW)
|
||||||
|
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
|
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
|
|
||||||
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
||||||
chown bitcoin:bitcoin /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
chown bitcoin:bitcoin /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
|
@ -134,14 +136,12 @@ fi
|
||||||
echo "BTC_RPC_PASSWORD=$PW" > /mnt/hdd/mynode/settings/.btcrpc_environment
|
echo "BTC_RPC_PASSWORD=$PW" > /mnt/hdd/mynode/settings/.btcrpc_environment
|
||||||
chown bitcoin:bitcoin /mnt/hdd/mynode/settings/.btcrpc_environment
|
chown bitcoin:bitcoin /mnt/hdd/mynode/settings/.btcrpc_environment
|
||||||
if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]; then
|
if [ -f /mnt/hdd/mynode/bitcoin/bitcoin.conf ]; then
|
||||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
#sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
fi
|
sed -i "s/rpcauth=.*/$RPCAUTH/g" /mnt/hdd/mynode/bitcoin/bitcoin.conf
|
||||||
if [ -f /home/admin/.bitcoin/bitcoin.conf ]; then
|
|
||||||
sed -i "s/rpcpassword=.*/rpcpassword=$PW/g" /home/admin/.bitcoin/bitcoin.conf
|
|
||||||
else
|
|
||||||
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
|
||||||
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
|
|
||||||
fi
|
fi
|
||||||
|
cp -f /mnt/hdd/mynode/bitcoin/bitcoin.conf /home/admin/.bitcoin/bitcoin.conf
|
||||||
|
chown admin:admin /home/admin/.bitcoin/bitcoin.conf
|
||||||
|
|
||||||
|
|
||||||
# Reset BTCARGS
|
# Reset BTCARGS
|
||||||
echo "BTCARGS=" > /mnt/hdd/mynode/bitcoin/env
|
echo "BTCARGS=" > /mnt/hdd/mynode/bitcoin/env
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -x
|
||||||
|
set -e
|
||||||
|
|
||||||
# Wait to see if bitcoind is synced
|
# Wait to see if bitcoind is synced
|
||||||
echo "Checking if Bitcoin is synced..."
|
echo "Checking if Bitcoin is synced..."
|
||||||
while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
|
while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
|
||||||
|
@ -8,6 +11,6 @@ while [ ! -f "/mnt/hdd/mynode/.mynode_bitcoind_synced" ]; do
|
||||||
done
|
done
|
||||||
|
|
||||||
# And finally, make sure bitcoind responds to API requests
|
# And finally, make sure bitcoind responds to API requests
|
||||||
bitcoin-cli -rpcwait getblockchaininfo
|
bitcoin-cli -datadir=/mnt/hdd/mynode/bitcoin -rpcwait getblockchaininfo
|
||||||
|
|
||||||
exit 0
|
exit 0
|
|
@ -12,9 +12,12 @@ daemon=1
|
||||||
txindex=1
|
txindex=1
|
||||||
|
|
||||||
# Connection settings
|
# Connection settings
|
||||||
rpcuser=mynode
|
#rpcuser=mynode
|
||||||
# This password was randomly generated by your device. Changing it may cause problems.
|
# This password was randomly generated by your device. Changing it may cause problems.
|
||||||
rpcpassword=bolt
|
#rpcpassword=bolt
|
||||||
|
|
||||||
|
rpcauth=mynode:7b7e11c032ddd3fc3835e4e463afd305$6c6a32bbd08cb1b67b5ea89b66865c5ca2bf6fd8a91a19d6a4d58157fe0882b4
|
||||||
|
|
||||||
rpcport=8332
|
rpcport=8332
|
||||||
rpcbind=127.0.0.1
|
rpcbind=127.0.0.1
|
||||||
rpcallowip=127.0.0.1
|
rpcallowip=127.0.0.1
|
||||||
|
|
|
@ -9,7 +9,7 @@ mynode_bitcoin_cli = Blueprint('mynode_bitcoin_cli',__name__)
|
||||||
|
|
||||||
### Helper functions
|
### Helper functions
|
||||||
def runcmd(cmd):
|
def runcmd(cmd):
|
||||||
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf "+cmd+"; exit 0"
|
cmd = "bitcoin-cli --conf=/home/admin/.bitcoin/bitcoin.conf --datadir=/mnt/hdd/mynode/bitcoin "+cmd+"; exit 0"
|
||||||
try:
|
try:
|
||||||
results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
|
results = subprocess.check_output(cmd, stderr=subprocess.STDOUT, shell=True)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user