rpc: allow to pass RPC login via RPC_LOGIN env var

- passing by parameter is insecure as it is shown in the process list
This commit is contained in:
Dusan Klinec 2018-08-30 13:35:05 +02:00
parent 91c7d68b2d
commit 76f95f052e
No known key found for this signature in database
GPG key ID: 6337E118CCBCE103
2 changed files with 15 additions and 6 deletions

View file

@ -239,11 +239,14 @@ int main(int argc, char const * argv[])
return 1; return 1;
} }
const char *env_rpc_login = nullptr;
const bool has_rpc_arg = command_line::has_arg(vm, arg.rpc_login);
const bool use_rpc_env = !has_rpc_arg && (env_rpc_login = getenv("RPC_LOGIN")) != nullptr && strlen(env_rpc_login) > 0;
boost::optional<tools::login> login{}; boost::optional<tools::login> login{};
if (command_line::has_arg(vm, arg.rpc_login)) if (has_rpc_arg || use_rpc_env)
{ {
login = tools::login::parse( login = tools::login::parse(
command_line::get_arg(vm, arg.rpc_login), false, [](bool verify) { has_rpc_arg ? command_line::get_arg(vm, arg.rpc_login) : std::string(env_rpc_login), false, [](bool verify) {
#ifdef HAVE_READLINE #ifdef HAVE_READLINE
rdln::suspend_readline pause_readline; rdln::suspend_readline pause_readline;
#endif #endif

View file

@ -82,11 +82,17 @@ namespace cryptonote
} }
} }
if (command_line::has_arg(vm, arg.rpc_login)) const char *env_rpc_login = nullptr;
const bool has_rpc_arg = command_line::has_arg(vm, arg.rpc_login);
const bool use_rpc_env = !has_rpc_arg && (env_rpc_login = getenv("RPC_LOGIN")) != nullptr && strlen(env_rpc_login) > 0;
boost::optional<tools::login> login{};
if (has_rpc_arg || use_rpc_env)
{ {
config.login = tools::login::parse(command_line::get_arg(vm, arg.rpc_login), true, [](bool verify) { config.login = tools::login::parse(
return tools::password_container::prompt(verify, "RPC server password"); has_rpc_arg ? command_line::get_arg(vm, arg.rpc_login) : std::string(env_rpc_login), true, [](bool verify) {
}); return tools::password_container::prompt(verify, "RPC server password");
});
if (!config.login) if (!config.login)
return boost::none; return boost::none;