Password-protect the JSON RPC interface

2018-01-07 19:26:59 +01:00
parent af0715e476
commit 387f6db3b6
3 changed files with 139 additions and 5 deletions
--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -29,7 +29,7 @@ import sys
 import time

 import jsonrpclib
-from jsonrpclib.SimpleJSONRPCServer import SimpleJSONRPCServer
+from .jsonrpc import VerifyingJSONRPCServer

 from version import ELECTRUM_VERSION
 from network import Network
@@ -73,7 +73,14 @@ def get_server(config):
        try:
            with open(lockfile) as f:
                (host, port), create_time = ast.literal_eval(f.read())
-                server = jsonrpclib.Server('http://%s:%d' % (host, port))
+                rpc_user, rpc_password = get_rpc_credentials(config)
+                if rpc_password == '':
+                    # authentication disabled
+                    server_url = 'http://%s:%d' % (host, port)
+                else:
+                    server_url = 'http://%s:%s@%s:%d' % (
+                        rpc_user, rpc_password, host, port)
+                server = jsonrpclib.Server(server_url)
            # Test daemon is running
            server.ping()
            return server
@@ -85,6 +92,26 @@ def get_server(config):
        time.sleep(1.0)


+def get_rpc_credentials(config):
+    rpc_user = config.get('rpcuser', None)
+    rpc_password = config.get('rpcpassword', None)
+    if rpc_user is None or rpc_password is None:
+        rpc_user = 'user'
+        import ecdsa, base64
+        bits = 128
+        nbytes = bits // 8 + (bits % 8 > 0)
+        pw_int = ecdsa.util.randrange(pow(2, bits))
+        pw_b64 = base64.b64encode(
+            pw_int.to_bytes(nbytes, 'big'), b'-_')
+        rpc_password = to_string(pw_b64, 'ascii')
+        config.set_key('rpcuser', rpc_user)
+        config.set_key('rpcpassword', rpc_password, save=True)
+    elif rpc_password == '':
+        from .util import print_stderr
+        print_stderr('WARNING: RPC authentication is disabled.')
+    return rpc_user, rpc_password
+
+
 class Daemon(DaemonThread):

    def __init__(self, config, fd, is_gui):
@@ -107,10 +134,13 @@ class Daemon(DaemonThread):
    def init_server(self, config, fd, is_gui):
        host = config.get('rpchost', '127.0.0.1')
        port = config.get('rpcport', 0)
+
+        rpc_user, rpc_password = get_rpc_credentials(config)
        try:
-            server = SimpleJSONRPCServer((host, port), logRequests=False)
-        except:
-            self.print_error('Warning: cannot initialize RPC server on host', host)
+            server = VerifyingJSONRPCServer((host, port), logRequests=False,
+                                            rpc_user=rpc_user, rpc_password=rpc_password)
+        except Exception as e:
+            self.print_error('Warning: cannot initialize RPC server on host', host, e)
            self.server = None
            os.close(fd)
            return