Commit Graph

75 Commits

Author SHA1 Message Date
Gregory Maxwell
23126a0a09 Sanitize command strings before logging them.
Normally bitcoin core does not display any network originated strings without
 sanitizing or hex encoding.  This wasn't done for strcommand in many places.

This could be used to play havoc with a terminal displaying the logs,
 especially with printtoconsole in use.

Thanks to Evil-Knievel for reporting this issue.

Conflicts:
	src/main.cpp
2015-02-24 08:40:07 +01:00
Gregory Maxwell
186a517692
Restore RPC HTTP keepalives to default.
This avoids a regression for issues like #334 where high speed
 repeated connections eventually run the HTTP client out of
 sockets because all of theirs end up in time_wait.

Maybe the trade-off here is suboptimal, but if both choices will
 fail then we prefer fewer changes until the root cause is solved.

Rebased-From: 1a25a7edf8 7d2cb48511
Github-Pull: #5674
2015-01-19 12:16:17 +01:00
Gregory Maxwell
aaf55d25c6
Add a -rpckeepalive and disable RPC use of HTTP persistent connections.
It turns out that some miners have been staying with old versions of
 Bitcoin Core because their software  behaves poorly with persistent
 connections and the Bitcoin Core thread and connection limits.

What happens is that underlying  HTTP libraries leave connections open
 invisibly to their users and then the user runs into the default four
 thread limit.  This looks like Bitcoin Core is unresponsive to RPC.

There are many things that should be improved in Bitcoin Core's behavior
 here, e.g. supporting more concurrent connections, not tying up threads
 for idle connections, disconnecting kept-alive  connections when limits
 are reached, etc. All are fairly big, risky changes.

Disabling keep-alive is a simple workaround. It's often not easy to turn
 off the keep-alive support in the client where it may be buried in some
 platform library.

If you are one of the few who really needs persistent connections you
 probably know that you want them and can find a switch; while if you
 don't and the misbehavior is hitting you it is hard to discover the
 source of your problems is keepalive related.  Given that it is best
 to default to off until they're handled better.

Github-Merge: #5655
Rebased-From: 16a5c18cea 56c1093dae 1dd8ee72af
2015-01-15 09:38:24 +01:00
Cory Fields
87d43a3c8e rpcserver: attempt to fix uncaught exception.
Rebased-From: f9c571aad8
Github-Pull: #5565
2014-12-30 17:38:03 +01:00
Gregory Maxwell
683dc4009b Disable SSLv3 (in favor of TLS) for the RPC client and server.
TLS is subject to downgrade attacks when SSLv3 is available, and
 SSLv3 has vulnerabilities.

The popular solution is to disable SSLv3. On the web this breaks
 some tiny number of very old clients. While Bitcoin RPC shouldn't
 be exposed to the open Internet, it also shouldn't be exposed to
 really old SSL implementations, so it shouldn't be a major issue
 for us to disable SSLv3.

There is more information on the downgrade attacks and disabling
 SSLv3 at https://disablessl3.com/ .
2014-12-06 07:08:02 -08:00
Gavin Andresen
1c7e09f0b9
Merge pull request #5369
b2d0162 Test resurrecting memory pool transactions during chain re-org (Gavin Andresen)
3dd8ed7 Delay writing block indexes in invalidate/reconsider (Pieter Wuille)
798faec Add 'invalidateblock' and 'reconsiderblock' RPC commands. (Pieter Wuille)
2014-12-02 11:59:41 -05:00
Wladimir J. van der Laan
f86a24b368
Move setmocktime to hidden category
Another testing-only potential footgun command.
2014-11-28 10:57:14 +01:00
Pieter Wuille
bd9aebf19d Introduce a hidden category 2014-11-26 16:36:26 +01:00
Pieter Wuille
9b0a8d3152 Add 'invalidateblock' and 'reconsiderblock' RPC commands.
These can be used for testing reorganizations or for manual intervention in case of
chain forks.
2014-11-26 16:36:25 +01:00
Jonas Schnelli
5dc713bfc7 [REST] set REST API behind "-rest" option 2014-11-26 13:53:27 +01:00
Jonas Schnelli
78bdc8103f [REST] give an appropriate response in warmup phase 2014-11-26 13:51:02 +01:00
Pieter Wuille
798faec3ea Add 'invalidateblock' and 'reconsiderblock' RPC commands.
These can be used for testing reorganizations or for manual intervention in case of
chain forks.
2014-11-25 12:32:51 +01:00
Glenn Willen
77c38bb5cc Truthier error message when rpcpassword is missing 2014-11-19 15:34:36 -08:00
Gavin Andresen
fd3777b0b2
Merge pull request #5280
3c30f27 travis: disable rpc tests for windows until they're not so flaky (Cory Fields)
daf03e7 RPC tests: create initial chain with specific timestamps (Gavin Andresen)
a8b2ce5 regression test only setmocktime RPC call (Gavin Andresen)
2014-11-18 14:31:29 -05:00
Jeff Garzik
7715c84747
HTTP REST: minor fixes
1) const-ify internal helper ParseHashStr()

2) use HTTPError() helper when returning HTTP_NOT_FOUND
2014-11-18 10:27:45 -05:00
Gavin Andresen
a8b2ce557d
regression test only setmocktime RPC call 2014-11-17 10:33:49 -05:00
Jeff Garzik
e2655e0ab1 Add unauthenticated HTTP REST interface to public blockchain data. 2014-11-11 04:52:43 -05:00
Daniel Kraft
af82884ab7 Add "warmup mode" for RPC server.
Start the RPC server before doing all the (expensive) startup
initialisations like loading the block index.  Until the node is ready,
return all calls immediately with a new error signalling "in warmup"
with an appropriate status message (similar to the init message).

This is useful for RPC clients to know that the server is there (e. g.,
they don't have to start it) but not yet available.  It is used in
Namecoin and Huntercoin already for some time, and there exists a UI
hooked onto the RPC interface that actively uses this to its advantage.
2014-11-04 16:01:09 +01:00
Michael Ford
7792040294 Update comments in rpcserver to be doxygen compatible 2014-10-30 10:14:08 +08:00
Mark Friedenbach
d4746d56c0 Add a SECURE style flag for ThreadSafeMessageBox, which indicates that the message contains sensitive information. This keeps the message from being output to the debug log by bitcoind. Fixes a possible security risk when starting bitcoind in server mode without the 'rpcpassword' option configured, resulting in the "suggested" password being output to the debug log. 2014-10-17 00:33:31 -07:00
Mark Friedenbach
a372168e77 Use a typedef for monetary values 2014-09-26 15:42:04 -07:00
ENikS
ec91092df8
Fixing compiler warning C4101
Github-Pull: #4856
2014-09-15 14:35:32 +02:00
Wladimir J. van der Laan
ad49c256c3 Split up util.cpp/h
Split up util.cpp/h into:

- string utilities (hex, base32, base64): no internal dependencies, no dependency on boost (apart from foreach)
- money utilities (parsesmoney, formatmoney)
- time utilities (gettime*, sleep, format date):
- and the rest (logging, argument parsing, config file parsing)

The latter is basically the environment and OS handling,
and is stripped of all utility functions, so we may want to
rename it to something else than util.cpp/h for clarity (Matt suggested
osinterface).

Breaks dependency of sha256.cpp on all the things pulled in by util.
2014-08-26 13:25:22 +02:00
Wladimir J. van der Laan
01094bd01f Don't reveal whether password is <20 or >20 characters in RPC
As discussed on IRC.

It seems bad to base a decision to delay based on the password length,
as it leaks a small amount of information.
2014-08-19 14:40:34 +02:00
Jeff Garzik
6f2c26a457 Closely track mempool byte total. Add "getmempoolinfo" RPC.
Goal:  Gain live insight into the mempool.  Groundwork for future work
that caps mempool size.
2014-08-14 12:34:38 -04:00
Cozz Lovan
6b5b7cbfb4
Categorize rpc help overview
Conflicts:
	src/rpcserver.cpp

Github-Pull: #4539
Rebased-By: Wladimir J. van der Laan <laanwj@gmail.com>
Rebased-From: df3d321
2014-08-11 16:20:40 +02:00
Wladimir J. van der Laan
733177ebd3 Remove size limit in RPC client, keep it in server
The size limit makes a lot of sense for the server, as it never has to
accept very large data.

The client, however, can request arbitrary amounts of data with
`listtransactions` on a large wallet.

Fixes #4604.
2014-08-06 13:03:58 +02:00
Wladimir J. van der Laan
e17151ad2a Avoid a copy in RPC output
Split up HTTPReply into HTTPReply and HTTPReplyHeader, so that
the message data can be streamed directly.

Also removes a c_str(), which would have prevented binary
output with NUL characters in it.
2014-08-06 13:01:49 +02:00
Daniel Kraft
b33bd7a3be Implement "getchaintips" RPC command to monitor blockchain forks.
Port over https://github.com/chronokings/huntercoin/pull/19 from
Huntercoin:  This implements a new RPC command "getchaintips" that can be
used to find all currently active chain heads.  This is similar to the
-printblocktree startup option, but it can be used without restarting
just via the RPC interface on a running daemon.
2014-08-03 18:12:19 +02:00
Wladimir J. van der Laan
6513a9f703
Merge pull request #4400
4eedf4f make RandAddSeed() use OPENSSL_cleanse() (Philip Kaufmann)
6354935 move rand functions from util to new random.h/.cpp (Philip Kaufmann)
001a53d add GetRandBytes() as wrapper for RAND_bytes() (Philip Kaufmann)
2014-07-14 11:35:30 +02:00
Wladimir J. van der Laan
3554df9b99
Merge pull request #4503
b45a6e8 Add test for getblocktemplate longpolling (Wladimir J. van der Laan)
ff6a7af getblocktemplate: longpolling support (Luke Dashjr)
2014-07-14 08:29:46 +02:00
Luke Dashjr
ff6a7af154 getblocktemplate: longpolling support 2014-07-11 14:48:02 +02:00
Gregory Maxwell
b60be6be4a Clean up RPCs that are disabled in safe-mode.
This removes some inconsistencies in what worked and didn't work in
 safemode. Now only RPCs involved in getting balances or sending
 funds are disabled.

Previously you could mine but not submit blocks— but we may need more
 blocks to resolve a fork that triggered safe mode in the first place,
 and the non-submission was not reliable since some miners submit
 blocks via multiple means. There were also a number of random commands
 disabled that had nothing to do with the blockchain like verifymessage.

Thanks to earlz for pointing out that there were some moderately cheap
 ways to maliciously trigger safe mode, which brought attention to
 the fact that safemode wasn't used in a very intelligent way.
2014-07-10 10:35:48 -07:00
Philip Kaufmann
001a53d742 add GetRandBytes() as wrapper for RAND_bytes()
- add a small wrapper in util around RAND_bytes() and replace with
  GetRandBytes() in the code to log errors from calling RAND_bytes()
- remove OpenSSL header rand.h where no longer needed
2014-07-09 09:42:18 +02:00
Wladimir J. van der Laan
f748ff730b
Merge pull request #4045
a3e192a replaced MINE_ with ISMINE_ (JaSK)
53a2148 fixed bug where validateaddress doesn't display information (JaSK)
f28707a fixed bug in ListReceived() (JaSK)
519dd1c Added MINE_ALL = (spendable|watchonly) (JaSK)
23b0506 Fixed some stuff in TransactionDesc (JaSK)
80dda36 removed default argument values for ismine filter (JaSK)
d5087d1 Use script matching rather than destination matching for watch-only. (Pieter Wuille)
0fa2f88 added includedWatchonly argument to listreceivedbyaddress/...account (JaSK)
f87ba3d added includeWatchonly argument to 'gettransaction' because it affects balance calculation (JaSK)
a5c6c5d fixed tiny glitch and improved readability like laanwj suggested (JaSK)
d7d5d23 Added argument to listtransactions and listsinceblock to include watchonly addresses (JaSK)
952877e Showing 'involvesWatchonly' property for transactions returned by 'listtransactions' and 'listsinceblock'. It is only appended when the transaction involves a watchonly address. (JaSK)
83f3543 Added argument to listaccounts to include watchonly addresses (JaSK)
d4640d7 Added argument to getbalance to include watchonly addresses and fixed errors in balance calculation. (JaSK)
d2692f6 Watchonly transactions are marked in transaction history (JaSK)
ffd40da Watchonly balances are shown separately in gui. (JaSK)
2935b21 qt: Hide unspendable outputs in coin control (Wladimir J. van der Laan)
c898846 Add support for watch-only addresses (Pieter Wuille)
2014-07-07 16:06:28 +02:00
Wladimir J. van der Laan
4278b1df45
Clarify error message when invalid -rpcallowip
Also add to HelpMessage() what specifications are valid.
2014-07-03 07:11:59 +02:00
Pieter Wuille
c8988460a2 Add support for watch-only addresses
Changes:
* Add Add/Have WatchOnly methods to CKeyStore, and implementations
  in CBasicKeyStore.
* Add similar methods to CWallet, and support entries for it in
  CWalletDB.
* Make IsMine in script/wallet return a new enum 'isminetype',
  rather than a boolean. This allows distinguishing between
  spendable and unspendable coins.
* Add a field fSpendable to COutput (GetAvailableCoins' return type).
* Mark watchonly coins in listunspent as 'watchonly': true.
* Add 'watchonly' to validateaddress, suppressing script/pubkey/...
  in this case.

Based on a patch by Eric Lombrozo.

Conflicts:
	src/qt/walletmodel.cpp
	src/rpcserver.cpp
	src/wallet.cpp
2014-07-02 15:48:37 +02:00
kazcw
16f33f163d fix RPC error replies
After pull #4288, RPC messages indicating errors have a Content-Length unrelated
to their actual contents, rendering bitcoin-cli and curl unable to decode the
reply.

This patch sets the Content-Length field based on the actual content returned.

Additionally, pull #4288 clobbered the error descriptions provided in
ErrorReply, which bitcoin-cli relies upon; this patch moves #4288 http-error
descriptions to an HTTPError method, allowing HTTPReply to pass content on
unchanged.
2014-06-28 19:16:15 -07:00
jtimon
645d497aa0 Replace HexBits with strprintf 2014-06-28 13:19:14 +02:00
Philip Kaufmann
40a158e100 minor code format fix in rpc-related files 2014-06-27 11:13:25 +02:00
Jeff Garzik
854d013012 RPC code movement: separate out JSON-RPC execution logic from HTTP server logic 2014-06-26 23:32:18 -04:00
Jeff Garzik
c912e22db0 RPC cleanup: Improve HTTP server replies
1) support varying content types
2) support only sending the header
3) properly deliver error message as content, if HTTP error
4) move AcceptedConnection class to header, for wider use
2014-06-26 23:32:18 -04:00
Luke Dashjr
2a72d4591f JSON-RPC method: prioritisetransaction <txid> <priority delta> <priority tx fee>
Accepts the transaction into mined blocks at a higher (or lower) priority
2014-06-26 11:49:46 +00:00
Wladimir J. van der Laan
84ce18ca93 Remove unnecessary dependencies for bitcoin-cli
This commit removes all the unnecessary dependencies (key, core,
netbase, sync, ...) from bitcoin-cli.

To do this it shards the chain parameters into BaseParams, which
contains just the RPC port and data directory (as used by utils and
bitcoin-cli) and Params, with the rest.
2014-06-25 10:31:35 +02:00
Pieter Wuille
cf0c47b269 Remove getwork() RPC call 2014-06-21 19:47:39 +02:00
Wladimir J. van der Laan
6afa49329d rpc: Add acceptors only when listening succeeded 2014-06-19 08:19:52 +02:00
Wladimir J. van der Laan
33e5b42910 rpc: Ignore and log errors during cancel
Cancelling the RPC acceptors can sometimes result in an error about
a bad file descriptor.

As this is the shutdown sequence we need to continue nevertheless,
ignore these errors, log a warning and proceed.

Fixes #4352.
2014-06-19 08:19:46 +02:00
Pieter Wuille
18e72167dd Push cs_mains down in ProcessBlock 2014-06-09 02:21:15 +02:00
Gavin Andresen
171ca7745e estimatefee / estimatepriority RPC methods
New RPC methods: return an estimate of the fee (or priority) a
transaction needs to be likely to confirm in a given number of
blocks.

Mike Hearn created the first version of this method for estimating fees.
It works as follows:

For transactions that took 1 to N (I picked N=25) blocks to confirm,
keep N buckets with at most 100 entries in each recording the
fees-per-kilobyte paid by those transactions.

(separate buckets are kept for transactions that confirmed because
they are high-priority)

The buckets are filled as blocks are found, and are saved/restored
in a new fee_estiamtes.dat file in the data directory.

A few variations on Mike's initial scheme:

To estimate the fee needed for a transaction to confirm in X buckets,
all of the samples in all of the buckets are used and a median of
all of the data is used to make the estimate. For example, imagine
25 buckets each containing the full 100 entries. Those 2,500 samples
are sorted, and the estimate of the fee needed to confirm in the very
next block is the 50'th-highest-fee-entry in that sorted list; the
estimate of the fee needed to confirm in the next two blocks is the
150'th-highest-fee-entry, etc.

That algorithm has the nice property that estimates of how much fee
you need to pay to get confirmed in block N will always be greater
than or equal to the estimate for block N+1. It would clearly be wrong
to say "pay 11 uBTC and you'll get confirmed in 3 blocks, but pay
12 uBTC and it will take LONGER".

A single block will not contribute more than 10 entries to any one
bucket, so a single miner and a large block cannot overwhelm
the estimates.
2014-06-06 10:44:57 -04:00
Wladimir J. van der Laan
deb3572ab1 Add -rpcbind option to allow binding RPC port on a specific interface
Add -rpcbind command option to specify binding RPC service on one
or multiple specific interfaces.

Functionality if -rpcbind is not specified remains the same as before:

- If no -rpcallowip specified, bind on localhost
- If no -rpcbind specified, bind on any interface

Implements part of #3111.
2014-05-13 07:23:23 +02:00