Bitcoin Forum
Topic: JSON-RPC password
lachesis
July 25, 2010, 09:00:05 PM
 #41

Digest auth is a fair bit harder to implement on both the client and the server side. It _should_ be using SSL and client certificates, but that's just a major PITA. Either that, or unix sockets.

Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
The Madhatter
July 25, 2010, 09:05:43 PM
 #42

Hmm... I implemented digest auth into a custom webserver I wrote a decade ago. From what I remember, it was fairly easy. However, client support back then was rather shoddy. It has improved a lot since then. :)

Perhaps we could document a simple stunnel + bitcoin configuration on the wiki then? Under a section called "Securely using bitcoind from remote"?

Just offering my 2c as usual. :P

satoshi
July 25, 2010, 09:34:29 PM
 #43

I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind produces authorization headers that look like this:
Code:
...
Authorization: Basic YWJiYWJiYWFiYmE6aGVsbG93b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxkaGVsbG93
b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxk
It inserts a newline every 64 characters, which obviously breaks the Authorization header, so commands like "bitcoin getinfo" fail. The server still works fine with properly behaving clients.

This can be solved by removing the newlines (and maybe '\r's) from result at the end of the Base64Encode function:
Code:
result.erase(std::remove(result.begin(), result.end(), '\n'), result.end());
result.erase(std::remove(result.begin(), result.end(), '\r'), result.end());
+1 to you for having such a long password that you found this bug.

Uploaded to SVN as rev 110.
Gavin Andresen
July 25, 2010, 09:38:19 PM
 #44

I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind ... inserts a newline every 64 characters

Great catch!  Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function:
Code:
diff --git a/rpc.cpp b/rpc.cpp
index 72bdc50..703b757 100644
--- a/rpc.cpp
+++ b/rpc.cpp
@@ -765,13 +765,14 @@ string EncodeBase64(string s)
     BUF_MEM *bptr;
 
     b64 = BIO_new(BIO_f_base64());
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
     bmem = BIO_new(BIO_s_mem());
     b64 = BIO_push(b64, bmem);
     BIO_write(b64, s.c_str(), s.size());
     BIO_flush(b64);
     BIO_get_mem_ptr(b64, &bptr);
 
-    string result(bptr->data, bptr->length-1);
+    string result(bptr->data, bptr->length);
     BIO_free_all(b64);
 
     return result;
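Review bot: The change from "bptr->length-1" to "bptr->length" in the last changed line is only correct while BIO_FLAGS_BASE64_NO_NL is set, since the old "-1" existed to drop the trailing newline that the flag now suppresses; a one-line comment tying the two lines together would keep a later edit from changing one without the other and either cutting off the last base64 character or bringing the newline back. Separately, the context lines use the results of BIO_new, BIO_write and BIO_flush unchecked, so a failed allocation or a short write in EncodeBase64 would pass unnoticed; checking them and reporting an error would be safer than returning whatever ended up in the buffer.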

How often do you get the chance to work on a potentially world-changing project?
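
The wrapping bug and the fix discussed in posts #43 and #44, modelled as an added example (not code from the thread or from bitcoind). Base64, AuthHeaderWrapped, AuthHeaderSingleLine and IsSingleLine are hypothetical names, the encoder is hand-written and makes no OpenSSL calls, and the credentials are the ones decoded from the header quoted above.

```cpp
// Added example: self-contained model of the wrapping bug, not bitcoind code.
#include <iostream>
#include <string>

// wrap > 0: '\n' after every `wrap` output characters and after the last
// line (the behaviour reported in the thread). wrap == 0: one unbroken line.
std::string Base64(const std::string& in, size_t wrap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    size_t col = 0;
    auto put = [&](char c) {
        out += c;
        if (wrap && ++col == wrap) { out += '\n'; col = 0; }
    };
    for (size_t i = 0; i < in.size(); i += 3) {
        unsigned n = (unsigned char)in[i] << 16;
        if (i + 1 < in.size()) n |= (unsigned char)in[i + 1] << 8;
        if (i + 2 < in.size()) n |= (unsigned char)in[i + 2];
        put(tbl[(n >> 18) & 63]);
        put(tbl[(n >> 12) & 63]);
        put(i + 1 < in.size() ? tbl[(n >> 6) & 63] : '=');
        put(i + 2 < in.size() ? tbl[n & 63] : '=');
    }
    if (wrap && col != 0) out += '\n';
    return out;
}

// Pre-fix model: wrapped at 64 columns, only the final newline dropped.
std::string AuthHeaderWrapped(const std::string& userpass) {
    std::string b64 = Base64(userpass, 64);
    if (!b64.empty()) b64.erase(b64.size() - 1);
    return "Authorization: Basic " + b64;
}

// Post-fix model: no newlines are ever produced.
std::string AuthHeaderSingleLine(const std::string& userpass) {
    return "Authorization: Basic " + Base64(userpass, 0);
}

// Sanity check a client can run before sending: CR or LF splits the header.
bool IsSingleLine(const std::string& header) {
    return header.find_first_of("\r\n") == std::string::npos;
}

int main() {
    std::string up = "abbabbaabba:";  // decoded from the header in the thread
    for (int i = 0; i < 6; ++i) up += "helloworld";
    std::cout << AuthHeaderWrapped(up) << "\n" << AuthHeaderSingleLine(up) << "\n";
}
```

Short credentials fit in one 64-character line, which is why the pre-fix model only misbehaves once the encoded value passes that length.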
satoshi
July 25, 2010, 09:44:16 PM
 #45

i got some problems here too trying to get this run on PHP.
so far i had no luck, neither the wiki-sample (jsonRPCClient trying to fopen(http://username:password@localhost:8332/)), nor my curl-sample (using setopt CURLOPT_HTTPAUTH, CURLAUTH_BASIC) seem to work.
That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what's wrong.

I hope it's not going to put up this much of a fight for all PHP users.

Looks like we've got the Fortran scenario already.
satoshi
July 25, 2010, 09:51:31 PM
 #46

Great catch!  Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function
SVN rev 111
lachesis
July 25, 2010, 10:15:15 PM
 #47

That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what's wrong.
That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:
Code:
<?php
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();
?>


Thanks to gavinandresen and satoshi for fixing that bug so fast.

Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
BitLex
July 25, 2010, 10:41:42 PM
 #48

That's strange, didn't someone just say that was supposed to work?  (what library was he using?)  Post if you figure out what's wrong.
That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:
Code:
<?php
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();
?>


not for me, that's what i tried first, cuz it's on the wiki.
this is all i get from jsonRPCClient:
Warning: fopen(http://...@localhost:8332/) [function.fopen]: failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in ...\jsonRPCClient.php on line 132


also couldn't get curl to authorize yet, all i get is
..curl_error():transfer closed with 15 bytes remaining to read..
which results in a "bad json-syntax" of course

testing on php5.3.0 curl7.19.4.
and open for ideas.

lachesis
July 26, 2010, 12:26:27 AM
 #49

First of all, does "bitcoind getinfo" work?

Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):

1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output


Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
BitLex
July 26, 2010, 01:13:43 AM
 #50

I'm on XP here, not sure if there's a netcat-clone available.

commandline works fine and does what it's supposed to

this works fine using <=0.3.2
Code:
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://localhost:8332/');
echo $bitcoin->getblockcount();


but this doesn't work using 0.3.3
Code:
require_once 'jsonRPCClient.php';
$bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
echo $bitcoin->getblockcount();


BitLex
July 26, 2010, 01:38:57 AM
 #51

Ok, i found it.  :D

wiki says, create a bitcoin.conf like this:
Code:
rpcuser=anything; does not have to be a 'real' user
rpcpassword=anything
but that won't work (at least for some people, maybe windows?)

removing the ; did the job,
using # as separator/commentor works fine.


lachesis
July 26, 2010, 02:27:38 AM
 #52

Ah alright. In that case, your username was actually "anything; does not have to be a 'real' user". That's why using the Bitcoin command line client worked - it used the full field for a username. I updated the wiki to remove the "; does not have to be a 'real' user" comment.

Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
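
The bitcoin.conf mix-up from posts #51 and #52 as an added example (not bitcoind's parser and not code from the thread): a simplified model in which only '#' starts a comment, plus a lint that flags rpcuser/rpcpassword values that appear to have absorbed a trailing note. ParseConf and SuspectCredentials are hypothetical names, and treating ';' or whitespace inside a credential as suspicious is an assumption of this sketch.

```cpp
// Added example: simplified model of the parsing described in the thread
// ('#' starts a comment, ';' does not). Not bitcoind's parser.
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

static std::string Trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Parse key=value lines; everything after '=' up to '#' is the value.
std::map<std::string, std::string> ParseConf(const std::string& text) {
    std::map<std::string, std::string> conf;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        line = Trim(line.substr(0, line.find('#')));
        size_t eq = line.find('=');
        if (eq == std::string::npos) continue;
        conf[Trim(line.substr(0, eq))] = Trim(line.substr(eq + 1));
    }
    return conf;
}

// Lint (assumed heuristic): a credential containing ';' or whitespace has
// probably absorbed a note that was meant to be a comment.
std::vector<std::string> SuspectCredentials(
        const std::map<std::string, std::string>& conf) {
    std::vector<std::string> bad;
    for (const char* key : {"rpcuser", "rpcpassword"}) {
        auto it = conf.find(key);
        if (it != conf.end() &&
            it->second.find_first_of("; \t") != std::string::npos)
            bad.push_back(key);
    }
    return bad;
}

int main() {
    // The wiki sample quoted in the thread.
    auto conf = ParseConf("rpcuser=anything; does not have to be a 'real' user\n"
                          "rpcpassword=anything\n");
    std::cout << "rpcuser is [" << conf["rpcuser"] << "]\n";
    for (const auto& k : SuspectCredentials(conf)) std::cout << "check " << k << "\n";
}
```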
theymos
July 30, 2010, 05:54:36 AM
 #53

When I upgraded from a version with switch-based passwords to the latest SVN, I ran into a problem: Bitcoin looks for the configuration file in the default "~/.bitcoin/bitcoin.conf" unless I point to any non-existent file. Example:
Code:
$ ls /home/theymos/bitcoin
addr.dat      blkindex.dat  debug.log          status.sh
bitcoin.conf  command.sh    debug.log.old.bz2  stop.sh
bitcoind      database      makefile           transfer.sh
blk0001.dat   db.log        start.sh           wallet.dat

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
error: You must set rpcpassword=<password> in the configuration file:
/home/theymos/.bitcoin/bitcoin.conf
If the file does not exist, create it with owner-readable-only file permissions.

$ killall bitcoind

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/asdf.conf && ./bitcoind getinfo
bitcoin server starting
error: You must set rpcpassword=<password> in the configuration file:
/home/theymos/.bitcoin/bitcoin.conf
If the file does not exist, create it with owner-readable-only file permissions.

Warning: To use bitcoind, you must set rpcpassword=<password>
in the configuration file: /home/theymos/bitcoin/asdf.conf
If the file does not exist, create it with owner-readable-only file permissions.

Bitcoin is using the correct datadir. Hardcoding the path in util.cpp just gives me "error:getinfo" (though maybe I'm not doing it correctly). Removing the "pathConfig.is_complete()" if statement does the same thing.

I'm on Linux with glibc 2.10.1. I'm using all of the recommended dependency versions. The only dependency I changed during the upgrade was Boost, which I had to recompile to get the additional libraries that Bitcoin now uses.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Gavin Andresen
July 30, 2010, 12:53:40 PM
 #54

$ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
error: You must set rpcpassword=<password> in the configuration file:
That second ./bitcoind getinfo has to be:
Code:
./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf getinfo
... otherwise it will use the default config file and datadir.

How often do you get the chance to work on a potentially world-changing project?
fetokun
April 10, 2011, 12:24:15 PM
 #55

I'm getting the same error that was posted here about 1 year ago:

Quote
Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in /var/www/meubitcoin/src/classes/jsonRPCClient.php...

the php code:

Code:
  $bitcoind = new jsonRPCClient("http://fetokun:rcpass123@localhost:8332/", true);
  echo($bitcoind->listaccounts());

Does it mean that I'm using an outdated version of bitcoind? ( I installed from this package: http://packages.debian.org/sid/i386/bitcoind/download )

I'm starting bitcoind this way:

Code:
bitcoind -server -testnet -rpcport=8332 -rcpuser=fetokun -rcppassword=rcpass123

when I run getinfo, bitcoind returns me this:

Code:
{
    "version" : 32002,
    "balance" : 0.00000000,
    "blocks" : 13312,
    "connections" : 8,
    "proxy" : "",
    "generate" : false,
    "genproclimit" : -1,
    "difficulty" : 17.09748611,
    "hashespersec" : 0,
    "testnet" : true,
    "keypoololdest" : 1302337673,
    "paytxfee" : 0.00000000,
    "errors" : ""
}


First of all, does "bitcoind getinfo" work?

Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):

1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output



when I do what lachesis mentioned above, netcat shows me:

Code:
{"method":"listaccounts","params":[],"id":1}

It's probably something very simple that I'm forgetting about... does anyone know what?
fetokun
April 10, 2011, 01:29:32 PM
 #56

found the problem

All I had to do was RTFM properly =D
fetokun
April 15, 2011, 05:40:39 AM
 #57

Alright, this thing I'm having a problem with:

Code:
$result1 = $rpc->getbalance($fromAccount);
$result2 = $rpc->sendfrom($fromAccount, $toAccount, $amount);

The first line works fine and gets me:

Code:
1***** Request *****
{"method":"getbalance","params":["fetokun"],"id":1}
***** End Of request *****

***** Server response *****
{"result":3639.00000000,"error":null,"id":1}
***** End of server response *****

But the second line gets me:
Code:
Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /var/www/meubitcoin/src/classes/jsonRPCClient.php on line 132 Fatal error: Uncaught exception 'Exception' with message 'Unable to connect...

Anybody knows why?

my bitcoin.conf:

Code:
rcpallowip=127.0.0.1
rpcuser=fetokun
rpcpassword=rcpass123
rpcport=8332
server=1
testnet=1
NghtRppr
April 15, 2011, 01:50:18 PM
 #58

Code:
$result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);

See if this works.
fetokun
April 15, 2011, 02:08:12 PM
 #59

I'll arrive home in a few hours then I'll check if that's the problem

Thanx a lot dude
fetokun
April 16, 2011, 11:17:52 AM
 #60

Code:
$result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);

See if this works.

Now it worked! Thanx!