lachesis
|
|
July 25, 2010, 09:00:05 PM |
|
Digest auth is a fair bit harder to implement on both the client and the server side. It _should_ be using SSL and client certificates, but that's just a major PITA. Either that, or unix sockets.
|
|
|
|
The Madhatter
|
|
July 25, 2010, 09:05:43 PM |
|
Hmm... I implemented digest auth into a custom webserver I wrote a decade ago. From what I remember, it was fairly easy. However, client support back then was rather shoddy. It has improved a lot since then. Perhaps we could document a simple stunnel + bitcoin configuration on the wiki then? Under a section called "Securely using bitcoind from remote"? Just offering my 2c as usual.
|
|
|
|
satoshi (OP)
Founder
|
|
July 25, 2010, 09:34:29 PM |
|
I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind produces authorization headers that look like this:
    ...
    Authorization: Basic YWJiYWJiYWFiYmE6aGVsbG93b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxkaGVsbG93
    b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxk
It inserts a newline every 64 characters, which obviously breaks the Authorization header, so commands like "bitcoin getinfo" fail. The server still works fine with properly behaving clients. This can be solved by removing the newlines (and maybe '\r's) from result at the end of the Base64Encode function:
    result.erase(std::remove(result.begin(), result.end(), '\n'), result.end());
    result.erase(std::remove(result.begin(), result.end(), '\r'), result.end());
+1 to you for having such a long password that you found this bug. Uploaded to SVN as rev 110.
|
|
|
|
Gavin Andresen
Chief Scientist
|
|
July 25, 2010, 09:38:19 PM |
|
I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind ... inserts a newline every 64 characters Great catch! Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function: diff --git a/rpc.cpp b/rpc.cpp index 72bdc50..703b757 100644 --- a/rpc.cpp +++ b/rpc.cpp @@ -765,13 +765,14 @@ string EncodeBase64(string s) BUF_MEM *bptr; b64 = BIO_new(BIO_f_base64()); + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bmem = BIO_new(BIO_s_mem()); b64 = BIO_push(b64, bmem); BIO_write(b64, s.c_str(), s.size()); BIO_flush(b64); BIO_get_mem_ptr(b64, &bptr); - string result(bptr->data, bptr->length-1); + string result(bptr->data, bptr->length); BIO_free_all(b64); return result;
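Review bot: in EncodeBase64, the switch from bptr->length-1 to bptr->length is only correct while BIO_FLAGS_BASE64_NO_NL is set, because that flag removes the trailing newline the old -1 was trimming; a short comment next to string result(bptr->data, bptr->length) tying it to the BIO_set_flags call would keep the two lines from being changed independently. The visible lines also use the results of BIO_new and BIO_get_mem_ptr without checking them, so a failed allocation would reach bptr->data through an unset pointer; a null check before constructing result would cover that.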
|
How often do you get the chance to work on a potentially world-changing project?
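The failure discussed in the posts above, as an added example that is not part of the thread or of bitcoind's code: a self-written base64 encoder with an optional wrap stands in for the line-wrapping encoder, and the header builder refuses any value that contains a control character. All function names are hypothetical; the sample credential is what the header quoted in the thread decodes to.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Self-written base64 encoder (not OpenSSL's). wrap > 0 inserts '\n' every
// `wrap` output characters, as in the thread; wrap == 0 emits a single line.
std::string base64_encode(const std::string& in, std::size_t wrap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    std::size_t col = 0;
    auto emit = [&](char c) {
        if (wrap != 0 && col == wrap) { out.push_back('\n'); col = 0; }
        out.push_back(c);
        ++col;
    };
    auto byte = [&](std::size_t k) -> unsigned long {
        return k < in.size() ? static_cast<unsigned char>(in[k]) : 0UL;
    };
    for (std::size_t i = 0; i < in.size(); i += 3) {
        unsigned long v = (byte(i) << 16) | (byte(i + 1) << 8) | byte(i + 2);
        emit(tbl[(v >> 18) & 63]);
        emit(tbl[(v >> 12) & 63]);
        emit(i + 1 < in.size() ? tbl[(v >> 6) & 63] : '=');
        emit(i + 2 < in.size() ? tbl[v & 63] : '=');
    }
    return out;
}

// Reject CR, LF and every other control character (stricter than HTTP, which
// allows HTAB): a line break would end the header in the middle of the credential.
bool header_value_is_safe(const std::string& value) {
    for (unsigned char c : value)
        if (c < 0x20 || c == 0x7f) return false;
    return true;
}

// Build the Authorization value; returns "" rather than a header-breaking value.
std::string basic_auth_value(const std::string& user, const std::string& pass,
                             std::size_t wrap) {
    std::string value = "Basic " + base64_encode(user + ":" + pass, wrap);
    return header_value_is_safe(value) ? value : std::string();
}

int main() {
    // Sample credential: what the header quoted in the thread decodes to.
    std::string user = "abbabbaabba", pass;
    for (int i = 0; i < 6; ++i) pass += "helloworld";
    std::cout << "wrapped accepted: " << !basic_auth_value(user, pass, 64).empty() << "\n";
    std::cout << "unwrapped: " << basic_auth_value(user, pass, 0) << "\n";
}
```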
|
|
|
satoshi (OP)
Founder
|
|
July 25, 2010, 09:44:16 PM |
|
i got some problems here too trying to get this run on PHP. so far i had no luck, neither the wiki-sample (jsonRPCClient trying to fopen( http://username:password@localhost:8332/)), nor my curl-sample (using setopt CURLOPT_HTTPAUTH, CURLAUTH_BASIC) seem to work.

That's strange, didn't someone just say that was supposed to work? (what library was he using?) Post if you figure out what's wrong. I hope it's not going to put up this much of a fight for all PHP users. Looks like we've got the Fortran scenario already.
|
|
|
|
satoshi (OP)
Founder
|
|
July 25, 2010, 09:51:31 PM |
|
Great catch! Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function
SVN rev 111
|
|
|
|
lachesis
|
|
July 25, 2010, 10:15:15 PM |
|
That's strange, didn't someone just say that was supposed to work? (what library was he using?) Post if you figure out what's wrong.

That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:
    <?php
    require_once 'jsonRPCClient.php';
    $bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
    echo $bitcoin->getblockcount();
    ?>
Thanks to gavinandresen and satoshi for fixing that bug so fast.
|
|
|
|
BitLex
|
|
July 25, 2010, 10:41:42 PM |
|
That's strange, didn't someone just say that was supposed to work? (what library was he using?) Post if you figure out what's wrong.

That was me; I'm using the library at http://jsonrpcphp.org/ (download at http://jsonrpcphp.org/download.php?file=tgz&package=light), and I can confirm that this works:
    <?php
    require_once 'jsonRPCClient.php';
    $bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
    echo $bitcoin->getblockcount();
    ?>

not for me, that's what i tried first, cuz it's on the wiki.
this is all i get from jsonRPCClient:
    Warning: fopen(http://...@localhost:8332/) [function.fopen]: failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in ...\jsonRPCClient.php on line 132
also couldn't get curl to authorize yet, all i get is
    ..curl_error():transfer closed with 15 bytes remaining to read..
which results in a "bad json-syntax" of course
testing on php5.3.0 curl7.19.4. and open for ideas.
|
|
|
|
lachesis
|
|
July 26, 2010, 12:26:27 AM |
|
First of all, does "bitcoind getinfo" work?
Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):
1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output
|
|
|
|
BitLex
|
|
July 26, 2010, 01:13:43 AM |
|
I'm on XP here, not sure if there's a netcat-clone available.
commandline works fine and does what it's supposed to
this works fine using <=0.3.2
    require_once 'jsonRPCClient.php';
    $bitcoin = new jsonRPCClient('http://localhost:8332/');
    echo $bitcoin->getblockcount();
but this doesn't work using 0.3.3
    require_once 'jsonRPCClient.php';
    $bitcoin = new jsonRPCClient('http://username:password@localhost:8332/');
    echo $bitcoin->getblockcount();
|
|
|
|
BitLex
|
|
July 26, 2010, 01:38:57 AM |
|
Ok, i found it.
wiki says, create a bitcoin.conf like this:
    rpcuser=anything; does not have to be a 'real' user
    rpcpassword=anything
but that won't work (at least for some people, maybe windows?)
removing the ; did the job, using # as separator/commenter works fine.
|
|
|
|
lachesis
|
|
July 26, 2010, 02:27:38 AM |
|
Ah alright. In that case, your username was actually "anything; does not have to be a 'real' user". That's why using the Bitcoin command line client worked - it used the full field for a username. I updated the wiki to remove the "; does not have to be a 'real' user" comment.
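The configuration pitfall from the posts above, as an added example that is not part of the thread or of bitcoind's code: a simplified model of the reported behaviour ('#' starts a comment, ';' does not) plus a small lint for credential values that appear to have swallowed an inline comment. The parser and the function names are hypothetical, and the sample file contents are constructed from the lines quoted in the thread.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    std::size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Simplified model of the behaviour reported in the thread: '#' starts a
// comment, ';' does not, so text after ';' stays part of the value.
std::map<std::string, std::string> parse_conf(const std::string& text) {
    std::map<std::string, std::string> kv;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        line = trim(line.substr(0, line.find('#')));
        std::size_t eq = line.find('=');
        if (line.empty() || eq == std::string::npos) continue;
        kv[trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
    }
    return kv;
}

// Flag credential values that are missing or look like "value; comment".
std::vector<std::string> lint_credentials(const std::map<std::string, std::string>& kv) {
    std::vector<std::string> warnings;
    for (const char* key : {"rpcuser", "rpcpassword"}) {
        auto it = kv.find(key);
        if (it == kv.end() || it->second.empty())
            warnings.push_back(std::string(key) + " is missing or empty");
        else if (it->second.find_first_of("; \t") != std::string::npos)
            warnings.push_back(std::string(key) + " contains ';' or whitespace: \"" + it->second + "\"");
    }
    return warnings;
}

int main() {
    // Constructed sample: the wiki text quoted in the thread.
    const std::string wiki = "rpcuser=anything; does not have to be a 'real' user\n"
                             "rpcpassword=anything\n";
    for (const std::string& w : lint_credentials(parse_conf(wiki)))
        std::cout << "warning: " << w << "\n";
}
```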
|
|
|
|
theymos
Administrator
|
|
July 30, 2010, 05:54:36 AM |
|
When I upgraded from a version with switch-based passwords to the latest SVN, I ran into a problem: Bitcoin looks for the configuration file in the default "~/.bitcoin/bitcoin.conf" unless I point to any non-existent file. Example:

    $ ls /home/theymos/bitcoin
    addr.dat     blkindex.dat  debug.log          status.sh
    bitcoin.conf command.sh    debug.log.old.bz2  stop.sh
    bitcoind     database      makefile           transfer.sh
    blk0001.dat  db.log        start.sh           wallet.dat

    $ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
    error: You must set rpcpassword=<password> in the configuration file:
    /home/theymos/.bitcoin/bitcoin.conf
    If the file does not exist, create it with owner-readable-only file permissions.

    $ killall bitcoind

    $ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/asdf.conf && ./bitcoind getinfo
    bitcoin server starting
    error: You must set rpcpassword=<password> in the configuration file:
    /home/theymos/.bitcoin/bitcoin.conf
    If the file does not exist, create it with owner-readable-only file permissions.
    Warning: To use bitcoind, you must set rpcpassword=<password> in the configuration file:
    /home/theymos/bitcoin/asdf.conf
    If the file does not exist, create it with owner-readable-only file permissions.

Bitcoin is using the correct datadir. Hardcoding the path in util.cpp just gives me "error:getinfo" (though maybe I'm not doing it correctly). Removing the "pathConfig.is_complete()" if statement does the same thing. I'm on Linux with glibc 2.10.1. I'm using all of the recommended dependency versions. The only dependency I changed during the upgrade was Boost, which I had to recompile to get the additional libraries that Bitcoin now uses.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Gavin Andresen
Chief Scientist
|
|
July 30, 2010, 12:53:40 PM |
|
    $ ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf && ./bitcoind getinfo
    error: You must set rpcpassword=<password> in the configuration file:

That second ./bitcoind getinfo has to be:
    ./bitcoind -datadir=/home/theymos/bitcoin -conf=/home/theymos/bitcoin/bitcoin.conf getinfo
... otherwise it will use the default config file and datadir.
|
|
|
|
fetokun
|
|
April 10, 2011, 12:24:15 PM |
|
I'm getting the same error that was posted here about 1 year ago:
    Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.0 401 Authorization Required in /var/www/meubitcoin/src/classes/jsonRPCClient.php...
the php code:
    $bitcoind = new jsonRPCClient("http://fetokun:rcpass123@localhost:8332/", true);
    echo($bitcoind->listaccounts());
Does it mean that I'm using an outdated version of bitcoind? ( I installed from this package: http://packages.debian.org/sid/i386/bitcoind/download )
I'm starting bitcoind this way:
    bitcoind -server -testnet -rpcport=8332 -rcpuser=fetokun -rcppassword=rcpass123
when I run getinfo, bitcoind returns me this:
    {
        "version" : 32002,
        "balance" : 0.00000000,
        "blocks" : 13312,
        "connections" : 8,
        "proxy" : "",
        "generate" : false,
        "genproclimit" : -1,
        "difficulty" : 17.09748611,
        "hashespersec" : 0,
        "testnet" : true,
        "keypoololdest" : 1302337673,
        "paytxfee" : 0.00000000,
        "errors" : ""
    }

First of all, does "bitcoind getinfo" work?
Second, try to grab the attempt that jsonrpcclient.php makes with netcat (might have to install it first):
1) Stop bitcoind
2) netcat -l 8332
3) Run your client code with a modified (insecure) username and password
4) Ctrl-C netcat and post the output

when I do what lachesis mentioned above, netcat shows me:
    {"method":"listaccounts","params":[],"id":1}
It's probably something very simple that I'm forgetting about... does anyone know what?
|
|
|
|
fetokun
|
|
April 10, 2011, 01:29:32 PM |
|
found the problem
All I had to do was RTFM properly =D
|
|
|
|
fetokun
|
|
April 15, 2011, 05:40:39 AM Last edit: April 15, 2011, 01:46:42 PM by fetokun |
|
Alright, this thing I'm having a problem with:
    $result1 = $rpc->getbalance($fromAccount);
    $result2 = $rpc->sendfrom($fromAccount, $toAccount, $amount);
The first line works fine and gets me:
    1***** Request *****
    {"method":"getbalance","params":["fetokun"],"id":1}
    ***** End Of request *****

    ***** Server response *****
    {"result":3639.00000000,"error":null,"id":1}
    ***** End of server response *****
But the second line gets me:
    Warning: fopen(http://...@localhost:8332/): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /var/www/meubitcoin/src/classes/jsonRPCClient.php on line 132
    Fatal error: Uncaught exception 'Exception' with message 'Unable to connect...
Anybody knows why?
my bitcoin.conf:
    rcpallowip=127.0.0.1
    rpcuser=fetokun
    rpcpassword=rcpass123
    rpcport=8332
    server=1
    testnet=1
|
|
|
|
NghtRppr
|
|
April 15, 2011, 01:50:18 PM |
|
    $result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);
See if this works.
|
|
|
|
fetokun
|
|
April 15, 2011, 02:08:12 PM |
|
I'll arrive home in a few hours then I'll check if that's the problem
Thanx a lot dude
|
|
|
|
fetokun
|
|
April 16, 2011, 11:17:52 AM Last edit: April 16, 2011, 01:19:43 PM by fetokun |
|
    $result2 = $rpc->sendfrom($fromAccount, $toAccount, (float) $amount);
See if this works.

Now it worked! Thanx!
|
|
|
|
|