init: Add option for rpccookie permissions #26088
Conversation
|
https://github.com/bitcoin/bitcoin/pull/26088/checks?check_run_id=8346907823: The locale dependent function strtol(...) appears to be used:
src/httprpc.cpp: const auto perms{strtol(cookie_perms_arg->c_str(), &cookie_perms_end, 8)};
Unnecessary locale depedence can cause bugs that are very tricky to isolate and fix. Please avoid using locale dependent functions if possible. |
54f4839 to
8d7a71b
Compare
|
Fixed lint error. |
8d7a71b to
aa5afed
Compare
aa5afed to
857d46e
Compare
|
This will work only for Linux. Added a few lines in diff+void perms(fs::perms p)
+{
+ std::cout << ((p & fs::perms::owner_read) != fs::perms::none ? "r" : "-")
+ << ((p & fs::perms::owner_write) != fs::perms::none ? "w" : "-")
+ << ((p & fs::perms::owner_exec) != fs::perms::none ? "x" : "-")
+ << ((p & fs::perms::group_read) != fs::perms::none ? "r" : "-")
+ << ((p & fs::perms::group_write) != fs::perms::none ? "w" : "-")
+ << ((p & fs::perms::group_exec) != fs::perms::none ? "x" : "-")
+ << ((p & fs::perms::others_read) != fs::perms::none ? "r" : "-")
+ << ((p & fs::perms::others_write) != fs::perms::none ? "w" : "-")
+ << ((p & fs::perms::others_exec) != fs::perms::none ? "x" : "-")
+ << '\n';
+}
bool GenerateAuthCookie(std::string* cookie_out, std::optional<fs::perms> cookie_perms)
{
const size_t COOKIE_SIZE = 32;
unsigned char rand_pwd[COOKIE_SIZE];
GetRandBytes(rand_pwd);
std::string cookie = COOKIEAUTH_USER + ":" + HexStr(rand_pwd);
/** the umask determines what permissions are used to create this file -
* these are set to 077 in init.cpp unless overridden with -sysperms.
*/
std::ofstream file;
fs::path filepath_tmp = GetAuthCookieFile(true);
file.open(filepath_tmp);
if (!file.is_open()) {
LogPrintf("Unable to open cookie authentication file %s for writing\n", fs::PathToString(filepath_tmp));
return false;
}
file << cookie;
file.close();
if (cookie_perms) {
std::error_code code;
std::filesystem::permissions(filepath_tmp, *cookie_perms, std::filesystem::perm_options::replace, code);
if (code) {
LogPrintf("Unable to set permissions on cookie authentication file %s\n", fs::PathToString(filepath_tmp));
return false;
}
}
fs::path filepath = GetAuthCookieFile(false);
if (!RenameOver(filepath_tmp, filepath)) {
LogPrintf("Unable to rename cookie authentication file %s to %s\n", fs::PathToString(filepath_tmp), fs::PathToString(filepath));
return false;
}
LogPrintf("Generated RPC authentication cookie %s\n", fs::PathToString(filepath));
+ LogPrintf("Permissions used for cookie: ");
+ perms(fs::status(filepath).permissions());
if (cookie_out)
*cookie_out = cookie;
return true;
}Windows: Fedora: |
Adds a bitcoind launch option `-rpccookieperms` to configure the file permissions of the cookie.
857d46e to
cc0d0ae
Compare
|
Added the log message with a slightly modified version. Thanks @1440000bytes. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsNo conflicts as of last run. |
|
I'm wondering: would it be perhaps simpler to just state in the documentation that you should run A consideration here is that now all In any case, this is something that I run into time and again when deploying Bitcoin Core alongside other services, so I'd love to see some documentation on it. |
|
@aureleoules did you want to reponds to Carls thoughts here?
It's probably likey that 17127 will be merged shortly. |
|
I don't have a preference as I don't have much experience using this feature. |
17127 has been merged. Closing this. |
|
I think this could be re-opened to solve #25270 if @aureleoules is happy to pick it up again, otherwise I'd be happy to? Whilst #17127 has given us more sane and secure defaults, permitting group members to access the cookie without resorting to One the one hand any processes with access to the cookie could just as well be running as the same user as If we don't want to include this feature (but I think we should) then we should opt to close #25270 also. |
|
I don't have much time to work on Core so feel free to pick this up @willcl-ark. |
| auto cookie_perms_arg{gArgs.GetArg("-rpccookieperms")}; | ||
| if (cookie_perms_arg) { | ||
| auto perms{StringToOctal(*cookie_perms_arg)}; | ||
| if (!perms) { |
There was a problem hiding this comment.
Maybe check that cookie_perms_arg isn't a 1/parameterless.
There was a problem hiding this comment.
Thanks for the reminder on this luke, as I said I'd take it up previously. I took these changes in opening #28167
| @@ -98,12 +111,22 @@ bool GenerateAuthCookie(std::string *cookie_out) | |||
| file << cookie; | |||
There was a problem hiding this comment.
Should probably set permissions before writing to the file (but after opening it, so we already have write access), just in case they are more restrictive?
| #include <string> | ||
|
|
||
| #include <fs.h> |
| fs::path filepath = GetAuthCookieFile(false); | ||
| if (!RenameOver(filepath_tmp, filepath)) { | ||
| LogPrintf("Unable to rename cookie authentication file %s to %s\n", fs::PathToString(filepath_tmp), fs::PathToString(filepath)); | ||
| return false; | ||
| } | ||
| LogPrintf("Generated RPC authentication cookie %s\n", fs::PathToString(filepath)); | ||
| LogPrintf("Permissions used for cookie: %s\n", perms_to_str(fs::status(filepath).permissions())); |
There was a problem hiding this comment.
LogPrintf("Permissions used for cookie%s: %s\n",
cookie_perms ? " (set by -rpccookieperms)" : "",
perms_to_str(fs::status(filepath).permissions()));Adds a bitcoind launch option `-rpccookieperms` to configure the file permissions of the cookie. Github-Pull: bitcoin#26088 Rebased-From: cc0d0ae
73f0a6c doc: detail -rpccookieperms option (willcl-ark) d2afa26 test: add rpccookieperms test (willcl-ark) f467aed init: add option for rpccookie permissions (willcl-ark) 7df03f1 util: add perm string helper functions (willcl-ark) Pull request description: This PR picks up #26088 by aureleoules which adds a bitcoind launch option `-rpccookieperms` to set the file permissions of the cookie generated by bitcoin core. Example usage to make the generated cookie group-readable: `./src/bitcoind -rpccookieperms=group`. Accepted values for `-rpccookieperms` are `[owner|group|all]`. We let `fs::perms` handle platform-specific permissions changes. ACKs for top commit: achow101: ACK 73f0a6c ryanofsky: Code review ACK 73f0a6c. Main change since last review is no longer throwing a skip exception in the rpc test on windows, so other checks can run after it, and overall test result is passing, not skipped. Also were clarifying renames and documentation improvements. tdb3: cr ACK 73f0a6c Tree-SHA512: e800d59a44aca10e1c58ca69bf3fdde9f6ccf5eab4b7b962645af6d6bc0cfa3a357701e409c8c60d8d7744fcd33a91e77ada11790aa88cd7811ef60fab86ab11
Adds a bitcoind launch option
-rpccookiepermsto configure the file permissions of the cookie.Can be used like
./src/bitcoind -rpccookieperms=0660Closes #25270.