2016-03-19 20:58:06 +01:00
|
|
|
#!/usr/bin/env python3
|
|
|
|
# Copyright (c) 2014-2016 The Bitcoin Core developers
|
2014-10-23 03:48:19 +02:00
|
|
|
# Distributed under the MIT software license, see the accompanying
|
2014-04-07 17:29:36 +02:00
|
|
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
2017-01-18 00:34:40 +01:00
|
|
|
"""Test running bitcoind with the -rpcbind and -rpcallowip options."""
|
2014-04-07 17:29:36 +02:00
|
|
|
|
2017-03-22 15:29:39 +01:00
|
|
|
import socket
|
|
|
|
import sys
|
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
from test_framework.test_framework import BitcoinTestFramework
|
2015-05-02 12:53:35 +02:00
|
|
|
from test_framework.util import *
|
|
|
|
from test_framework.netutil import *
|
2014-04-07 17:29:36 +02:00
|
|
|
|
2016-08-19 22:41:09 +02:00
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
class RPCBindTest(BitcoinTestFramework):
|
2014-04-07 17:29:36 +02:00
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
def __init__(self):
|
|
|
|
super().__init__()
|
|
|
|
self.setup_clean_chain = True
|
|
|
|
self.num_nodes = 1
|
2014-06-27 10:05:46 +02:00
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
def setup_network(self):
|
2014-04-07 17:29:36 +02:00
|
|
|
pass
|
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
def setup_nodes(self):
|
|
|
|
pass
|
2014-04-07 17:29:36 +02:00
|
|
|
|
2016-07-25 00:31:05 +02:00
|
|
|
def run_bind_test(self, allow_ips, connect_to, addresses, expected):
|
|
|
|
'''
|
|
|
|
Start a node with requested rpcallowip and rpcbind parameters,
|
|
|
|
then try to connect, and check if the set of bound addresses
|
|
|
|
matches the expected set.
|
|
|
|
'''
|
|
|
|
expected = [(addr_to_hex(addr), port) for (addr, port) in expected]
|
|
|
|
base_args = ['-disablewallet', '-nolisten']
|
|
|
|
if allow_ips:
|
|
|
|
base_args += ['-rpcallowip=' + x for x in allow_ips]
|
|
|
|
binds = ['-rpcbind='+addr for addr in addresses]
|
|
|
|
self.nodes = start_nodes(self.num_nodes, self.options.tmpdir, [base_args + binds], connect_to)
|
2017-02-22 11:29:43 +01:00
|
|
|
pid = bitcoind_processes[0].pid
|
|
|
|
assert_equal(set(get_bind_addrs(pid)), set(expected))
|
|
|
|
stop_nodes(self.nodes)
|
2016-07-25 00:31:05 +02:00
|
|
|
|
|
|
|
def run_allowip_test(self, allow_ips, rpchost, rpcport):
|
|
|
|
'''
|
2016-09-25 15:01:31 +02:00
|
|
|
Start a node with rpcallow IP, and request getnetworkinfo
|
2016-07-25 00:31:05 +02:00
|
|
|
at a non-localhost IP.
|
|
|
|
'''
|
|
|
|
base_args = ['-disablewallet', '-nolisten'] + ['-rpcallowip='+x for x in allow_ips]
|
|
|
|
self.nodes = start_nodes(self.num_nodes, self.options.tmpdir, [base_args])
|
2017-02-22 11:29:43 +01:00
|
|
|
# connect to node through non-loopback interface
|
|
|
|
node = get_rpc_proxy(rpc_url(0, "%s:%d" % (rpchost, rpcport)), 0)
|
|
|
|
node.getnetworkinfo()
|
|
|
|
stop_nodes(self.nodes)
|
2016-07-25 00:31:05 +02:00
|
|
|
|
|
|
|
def run_test(self):
|
|
|
|
# due to OS-specific network stats queries, this test works only on Linux
|
2017-03-22 15:29:39 +01:00
|
|
|
if not sys.platform.startswith('linux'):
|
|
|
|
self.log.warning("This test can only be run on linux. Skipping test.")
|
|
|
|
sys.exit(self.TEST_EXIT_SKIPPED)
|
2016-07-25 00:31:05 +02:00
|
|
|
# find the first non-loopback interface for testing
|
|
|
|
non_loopback_ip = None
|
|
|
|
for name,ip in all_interfaces():
|
|
|
|
if ip != '127.0.0.1':
|
|
|
|
non_loopback_ip = ip
|
|
|
|
break
|
|
|
|
if non_loopback_ip is None:
|
2017-03-22 15:29:39 +01:00
|
|
|
self.log.warning("This test requires at least one non-loopback IPv4 interface. Skipping test.")
|
|
|
|
sys.exit(self.TEST_EXIT_SKIPPED)
|
|
|
|
try:
|
|
|
|
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
|
|
|
|
s.connect(("::1",1))
|
|
|
|
s.close
|
|
|
|
except OSError:
|
|
|
|
self.log.warning("This test requires IPv6 support. Skipping test.")
|
|
|
|
sys.exit(self.TEST_EXIT_SKIPPED)
|
|
|
|
|
2017-03-08 00:46:17 +01:00
|
|
|
self.log.info("Using interface %s for testing" % non_loopback_ip)
|
2016-07-25 00:31:05 +02:00
|
|
|
|
|
|
|
defaultport = rpc_port(0)
|
|
|
|
|
|
|
|
# check default without rpcallowip (IPv4 and IPv6 localhost)
|
|
|
|
self.run_bind_test(None, '127.0.0.1', [],
|
|
|
|
[('127.0.0.1', defaultport), ('::1', defaultport)])
|
|
|
|
# check default with rpcallowip (IPv6 any)
|
|
|
|
self.run_bind_test(['127.0.0.1'], '127.0.0.1', [],
|
|
|
|
[('::0', defaultport)])
|
|
|
|
# check only IPv4 localhost (explicit)
|
|
|
|
self.run_bind_test(['127.0.0.1'], '127.0.0.1', ['127.0.0.1'],
|
|
|
|
[('127.0.0.1', defaultport)])
|
|
|
|
# check only IPv4 localhost (explicit) with alternative port
|
|
|
|
self.run_bind_test(['127.0.0.1'], '127.0.0.1:32171', ['127.0.0.1:32171'],
|
|
|
|
[('127.0.0.1', 32171)])
|
|
|
|
# check only IPv4 localhost (explicit) with multiple alternative ports on same host
|
|
|
|
self.run_bind_test(['127.0.0.1'], '127.0.0.1:32171', ['127.0.0.1:32171', '127.0.0.1:32172'],
|
|
|
|
[('127.0.0.1', 32171), ('127.0.0.1', 32172)])
|
|
|
|
# check only IPv6 localhost (explicit)
|
|
|
|
self.run_bind_test(['[::1]'], '[::1]', ['[::1]'],
|
|
|
|
[('::1', defaultport)])
|
|
|
|
# check both IPv4 and IPv6 localhost (explicit)
|
|
|
|
self.run_bind_test(['127.0.0.1'], '127.0.0.1', ['127.0.0.1', '[::1]'],
|
|
|
|
[('127.0.0.1', defaultport), ('::1', defaultport)])
|
|
|
|
# check only non-loopback interface
|
|
|
|
self.run_bind_test([non_loopback_ip], non_loopback_ip, [non_loopback_ip],
|
|
|
|
[(non_loopback_ip, defaultport)])
|
|
|
|
|
|
|
|
# Check that with invalid rpcallowip, we are denied
|
|
|
|
self.run_allowip_test([non_loopback_ip], non_loopback_ip, defaultport)
|
2017-03-07 20:08:59 +01:00
|
|
|
assert_raises_jsonrpc(-342, "non-JSON HTTP response with '403 Forbidden' from server", self.run_allowip_test, ['1.1.1.1'], non_loopback_ip, defaultport)
|
2014-04-07 17:29:36 +02:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2016-08-19 22:41:09 +02:00
|
|
|
RPCBindTest().main()
|