Merge #13716: bitcoin-cli: -stdinwalletpassphrase and non-echo stdin passwords

50c4afa3c4 add newline after -stdin* (Karl-Johan Alm)
7f11fba2e3 cli: add -stdinwalletpassphrase for (slightly more) secure CLI (Karl-Johan Alm)
0da503e947 add stdin helpers for password input support (Karl-Johan Alm)

Pull request description:

  This PR
  * adds `-stdinwalletpassphrase` for use with `walletpasshprase(change)`
  * adds no-echo for passwords (`-stdinrpcpass` and above)

  It may not be ideal, but it's better than having to clear the screen whenever you unlock the wallet.

ACKs for top commit:
  laanwj:
    code review ACK 50c4afa3c4

Tree-SHA512: 473db8a303ff360ffaa36ac81a2f82be2136fa82696df0bc4f33cb44033a3ae258b5aa5bbcc1f101f88ae9abe9598ed564ce52877ab139bd5d709833f5275ec6
pull/17031/head
Wladimir J. van der Laan 5 years ago
commit f4a0d27e85
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D

@ -520,6 +520,8 @@ endif
libbitcoin_cli_a_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) libbitcoin_cli_a_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
libbitcoin_cli_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) libbitcoin_cli_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
libbitcoin_cli_a_SOURCES = \ libbitcoin_cli_a_SOURCES = \
compat/stdin.h \
compat/stdin.cpp \
rpc/client.cpp \ rpc/client.cpp \
$(BITCOIN_CORE_H) $(BITCOIN_CORE_H)

@ -27,6 +27,7 @@
#include <support/events.h> #include <support/events.h>
#include <univalue.h> #include <univalue.h>
#include <compat/stdin.h>
const std::function<std::string(const char*)> G_TRANSLATION_FUN = nullptr; const std::function<std::string(const char*)> G_TRANSLATION_FUN = nullptr;
@ -58,7 +59,8 @@ static void SetupCliArgs()
gArgs.AddArg("-rpcwait", "Wait for RPC server to start", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-rpcwait", "Wait for RPC server to start", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
gArgs.AddArg("-rpcwallet=<walletname>", "Send RPC for non-default wallet on RPC server (needs to exactly match corresponding -wallet option passed to bitcoind). This changes the RPC endpoint used, e.g. http://127.0.0.1:8332/wallet/<walletname>", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-rpcwallet=<walletname>", "Send RPC for non-default wallet on RPC server (needs to exactly match corresponding -wallet option passed to bitcoind). This changes the RPC endpoint used, e.g. http://127.0.0.1:8332/wallet/<walletname>", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
gArgs.AddArg("-stdin", "Read extra arguments from standard input, one per line until EOF/Ctrl-D (recommended for sensitive information such as passphrases). When combined with -stdinrpcpass, the first line from standard input is used for the RPC password.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-stdin", "Read extra arguments from standard input, one per line until EOF/Ctrl-D (recommended for sensitive information such as passphrases). When combined with -stdinrpcpass, the first line from standard input is used for the RPC password.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
gArgs.AddArg("-stdinrpcpass", "Read RPC password from standard input as a single line. When combined with -stdin, the first line from standard input is used for the RPC password.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS); gArgs.AddArg("-stdinrpcpass", "Read RPC password from standard input as a single line. When combined with -stdin, the first line from standard input is used for the RPC password. When combined with -stdinwalletpassphrase, -stdinrpcpass consumes the first line, and -stdinwalletpassphrase consumes the second.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
gArgs.AddArg("-stdinwalletpassphrase", "Read wallet passphrase from standard input as a single line. When combined with -stdin, the first line from standard input is used for the wallet passphrase.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
} }
/** libevent event log callback */ /** libevent event log callback */
@ -411,18 +413,47 @@ static int CommandLineRPC(int argc, char *argv[])
} }
std::string rpcPass; std::string rpcPass;
if (gArgs.GetBoolArg("-stdinrpcpass", false)) { if (gArgs.GetBoolArg("-stdinrpcpass", false)) {
NO_STDIN_ECHO();
if (!StdinReady()) {
fputs("RPC password> ", stderr);
fflush(stderr);
}
if (!std::getline(std::cin, rpcPass)) { if (!std::getline(std::cin, rpcPass)) {
throw std::runtime_error("-stdinrpcpass specified but failed to read from standard input"); throw std::runtime_error("-stdinrpcpass specified but failed to read from standard input");
} }
if (StdinTerminal()) {
fputc('\n', stdout);
}
gArgs.ForceSetArg("-rpcpassword", rpcPass); gArgs.ForceSetArg("-rpcpassword", rpcPass);
} }
std::vector<std::string> args = std::vector<std::string>(&argv[1], &argv[argc]); std::vector<std::string> args = std::vector<std::string>(&argv[1], &argv[argc]);
if (gArgs.GetBoolArg("-stdinwalletpassphrase", false)) {
NO_STDIN_ECHO();
std::string walletPass;
if (args.size() < 1 || args[0].substr(0, 16) != "walletpassphrase") {
throw std::runtime_error("-stdinwalletpassphrase is only applicable for walletpassphrase(change)");
}
if (!StdinReady()) {
fputs("Wallet passphrase> ", stderr);
fflush(stderr);
}
if (!std::getline(std::cin, walletPass)) {
throw std::runtime_error("-stdinwalletpassphrase specified but failed to read from standard input");
}
if (StdinTerminal()) {
fputc('\n', stdout);
}
args.insert(args.begin() + 1, walletPass);
}
if (gArgs.GetBoolArg("-stdin", false)) { if (gArgs.GetBoolArg("-stdin", false)) {
// Read one arg per line from stdin and append // Read one arg per line from stdin and append
std::string line; std::string line;
while (std::getline(std::cin, line)) { while (std::getline(std::cin, line)) {
args.push_back(line); args.push_back(line);
} }
if (StdinTerminal()) {
fputc('\n', stdout);
}
} }
std::unique_ptr<BaseRequestHandler> rh; std::unique_ptr<BaseRequestHandler> rh;
std::string method; std::string method;

@ -0,0 +1,72 @@
// Copyright (c) 2018 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#if defined(HAVE_CONFIG_H)
#include <config/bitcoin-config.h>
#endif
#include <cstdio> // for fileno(), stdin
#ifdef WIN32
#include <windows.h> // for SetStdinEcho()
#include <io.h> // for isatty()
#else
#include <termios.h> // for SetStdinEcho()
#include <unistd.h> // for SetStdinEcho(), isatty()
#include <sys/poll.h> // for StdinReady()
#endif
#include <compat/stdin.h>
// https://stackoverflow.com/questions/1413445/reading-a-password-from-stdcin
void SetStdinEcho(bool enable)
{
#ifdef WIN32
HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
DWORD mode;
GetConsoleMode(hStdin, &mode);
if (!enable) {
mode &= ~ENABLE_ECHO_INPUT;
} else {
mode |= ENABLE_ECHO_INPUT;
}
SetConsoleMode(hStdin, mode);
#else
struct termios tty;
tcgetattr(STDIN_FILENO, &tty);
if (!enable) {
tty.c_lflag &= ~ECHO;
} else {
tty.c_lflag |= ECHO;
}
(void)tcsetattr(STDIN_FILENO, TCSANOW, &tty);
#endif
}
bool StdinTerminal()
{
#ifdef WIN32
return _isatty(_fileno(stdin));
#else
return isatty(fileno(stdin));
#endif
}
bool StdinReady()
{
if (!StdinTerminal()) {
return true;
}
#ifdef WIN32
return false;
#else
struct pollfd fds;
fds.fd = 0; /* this is STDIN */
fds.events = POLLIN;
return poll(&fds, 1, 0) == 1;
#endif
}
NoechoInst::NoechoInst() { SetStdinEcho(false); }
NoechoInst::~NoechoInst() { SetStdinEcho(true); }

@ -0,0 +1,18 @@
// Copyright (c) 2018 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#ifndef BITCOIN_COMPAT_STDIN_H
#define BITCOIN_COMPAT_STDIN_H
struct NoechoInst {
NoechoInst();
~NoechoInst();
};
#define NO_STDIN_ECHO() NoechoInst _no_echo
bool StdinTerminal();
bool StdinReady();
#endif // BITCOIN_COMPAT_STDIN_H
Loading…
Cancel
Save