diff --git a/src/init.cpp b/src/init.cpp --- a/src/init.cpp +++ b/src/init.cpp @@ -700,7 +700,8 @@ ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); gArgs.AddArg("-torpassword=", "Tor control port password (default: empty)", - ArgsManager::ALLOW_ANY, OptionsCategory::CONNECTION); + ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, + OptionsCategory::CONNECTION); #ifdef USE_UPNP #if USE_UPNP gArgs.AddArg("-upnp", @@ -1034,16 +1035,19 @@ "Port is optional and overrides -rpcport. Use [host]:port notation " "for IPv6. This option can be specified multiple times (default: " "127.0.0.1 and ::1 i.e., localhost)", - ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, + ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY | + ArgsManager::SENSITIVE, OptionsCategory::RPC); gArgs.AddArg("-rpccookiefile=", "Location of the auth cookie. Relative paths will be prefixed " "by a net-specific datadir location. (default: data dir)", ArgsManager::ALLOW_ANY, OptionsCategory::RPC); gArgs.AddArg("-rpcuser=", "Username for JSON-RPC connections", - ArgsManager::ALLOW_ANY, OptionsCategory::RPC); + ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, + OptionsCategory::RPC); gArgs.AddArg("-rpcpassword=", "Password for JSON-RPC connections", - ArgsManager::ALLOW_ANY, OptionsCategory::RPC); + ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, + OptionsCategory::RPC); gArgs.AddArg( "-rpcwhitelist=", "Set a whitelist to filter incoming RPC calls for a specific user. The " @@ -1068,7 +1072,7 @@ "python script is included in share/rpcauth. The client then connects " "normally using the rpcuser=/rpcpassword= pair of " "arguments. This option can be specified multiple times", - ArgsManager::ALLOW_ANY, OptionsCategory::RPC); + ArgsManager::ALLOW_ANY | ArgsManager::SENSITIVE, OptionsCategory::RPC); gArgs.AddArg("-rpcport=", strprintf("Listen for JSON-RPC connections on " "(default: %u, testnet: %u, regtest: %u)", @@ -1996,6 +2000,9 @@ config_file_path.string()); } + // Log the config arguments to debug.log + gArgs.LogArgs(); + LogPrintf("Using at most %i automatic connections (%i file descriptors " "available)\n", nMaxConnections, nFD); diff --git a/src/test/getarg_tests.cpp b/src/test/getarg_tests.cpp --- a/src/test/getarg_tests.cpp +++ b/src/test/getarg_tests.cpp @@ -191,4 +191,38 @@ BOOST_CHECK(am.GetBoolArg("-foo", false)); } +BOOST_AUTO_TEST_CASE(logargs) { + const auto okaylog_bool = + std::make_pair("-okaylog-bool", ArgsManager::ALLOW_BOOL); + const auto okaylog_negbool = + std::make_pair("-okaylog-negbool", ArgsManager::ALLOW_BOOL); + const auto okaylog = std::make_pair("-okaylog", ArgsManager::ALLOW_ANY); + const auto dontlog = std::make_pair("-dontlog", ArgsManager::ALLOW_ANY | + ArgsManager::SENSITIVE); + ArgsManager am; + SetupArgs(am, {okaylog_bool, okaylog_negbool, okaylog, dontlog}); + ResetArgs( + am, + "-okaylog-bool -nookaylog-negbool -okaylog=public -dontlog=private"); + + // Everything logged to debug.log will also append to str + std::string str; + auto print_connection = LogInstance().PushBackCallback( + [&str](const std::string &s) { str += s; }); + + // Log the arguments + am.LogArgs(); + + LogInstance().DeleteCallback(print_connection); + // Check that what should appear does, and what shouldn't doesn't. + BOOST_CHECK(str.find("Command-line arg: okaylog-bool=\"\"") != + std::string::npos); + BOOST_CHECK(str.find("Command-line arg: okaylog-negbool=false") != + std::string::npos); + BOOST_CHECK(str.find("Command-line arg: okaylog=\"public\"") != + std::string::npos); + BOOST_CHECK(str.find("dontlog=****") != std::string::npos); + BOOST_CHECK(str.find("private") == std::string::npos); +} + BOOST_AUTO_TEST_SUITE_END() diff --git a/src/util/system.h b/src/util/system.h --- a/src/util/system.h +++ b/src/util/system.h @@ -158,6 +158,8 @@ * between mainnet and regtest/testnet won't cause problems due to these * parameters by accident. */ NETWORK_ONLY = 0x200, + // This argument's value is sensitive (such as a password). + SENSITIVE = 0x400, }; protected: @@ -349,6 +351,19 @@ * Return nullopt for unknown arg. */ Optional GetArgFlags(const std::string &name) const; + + /** + * Log the config file options and the command line arguments, + * useful for troubleshooting. + */ + void LogArgs() const; + +private: + // Helper function for LogArgs(). + void + logArgsPrefix(const std::string &prefix, const std::string §ion, + const std::map> + &args) const; }; extern ArgsManager gArgs; diff --git a/src/util/system.cpp b/src/util/system.cpp --- a/src/util/system.cpp +++ b/src/util/system.cpp @@ -987,6 +987,31 @@ !UseDefaultSection(arg)); } +void ArgsManager::logArgsPrefix( + const std::string &prefix, const std::string §ion, + const std::map> &args) const { + std::string section_str = section.empty() ? "" : "[" + section + "] "; + for (const auto &arg : args) { + for (const auto &value : arg.second) { + Optional flags = GetArgFlags('-' + arg.first); + if (flags) { + std::string value_str = + (*flags & SENSITIVE) ? "****" : value.write(); + LogPrintf("%s %s%s=%s\n", prefix, section_str, arg.first, + value_str); + } + } + } +} + +void ArgsManager::LogArgs() const { + LOCK(cs_args); + for (const auto §ion : m_settings.ro_config) { + logArgsPrefix("Config file arg:", section.first, section.second); + } + logArgsPrefix("Command-line arg:", "", m_settings.command_line_options); +} + bool RenameOver(fs::path src, fs::path dest) { #ifdef WIN32 return MoveFileExA(src.string().c_str(), dest.string().c_str(), diff --git a/test/functional/feature_config_args.py b/test/functional/feature_config_args.py --- a/test/functional/feature_config_args.py +++ b/test/functional/feature_config_args.py @@ -101,10 +101,40 @@ self.start_node(0, extra_args=['-noconnect=0']) self.stop_node(0) + def test_args_log(self): + self.log.info('Test config args logging') + with self.nodes[0].assert_debug_log( + expected_msgs=[ + 'Command-line arg: addnode="some.node"', + 'Command-line arg: rpcauth=****', + 'Command-line arg: rpcbind=****', + 'Command-line arg: rpcpassword=****', + 'Command-line arg: rpcuser=****', + 'Command-line arg: torpassword=****', + 'Config file arg: regtest="1"', + 'Config file arg: [regtest] server="1"', + ], + unexpected_msgs=[ + 'alice:f7efda5c189b999524f151318c0c86$d5b51b3beffbc0', + '127.1.1.1', + 'secret-rpcuser', + 'secret-torpassword', + ]): + self.start_node(0, extra_args=[ + '-addnode=some.node', + '-rpcauth=alice:f7efda5c189b999524f151318c0c86$d5b51b3beffbc0', + '-rpcbind=127.1.1.1', + '-rpcpassword=', + '-rpcuser=secret-rpcuser', + '-torpassword=secret-torpassword', + ]) + self.stop_node(0) + def run_test(self): self.stop_node(0) self.test_log_buffer() + self.test_args_log() self.test_config_file_parser() diff --git a/test/functional/test_framework/test_node.py b/test/functional/test_framework/test_node.py --- a/test/functional/test_framework/test_node.py +++ b/test/functional/test_framework/test_node.py @@ -318,7 +318,9 @@ wait_until(self.is_node_stopped, timeout=timeout) @contextlib.contextmanager - def assert_debug_log(self, expected_msgs, timeout=2): + def assert_debug_log(self, expected_msgs, unexpected_msgs=None, timeout=2): + if unexpected_msgs is None: + unexpected_msgs = [] time_end = time.time() + timeout debug_log = os.path.join(self.datadir, 'regtest', 'debug.log') with open(debug_log, encoding='utf-8') as dl: @@ -333,6 +335,12 @@ dl.seek(prev_size) log = dl.read() print_log = " - " + "\n - ".join(log.splitlines()) + for unexpected_msg in unexpected_msgs: + if re.search(re.escape(unexpected_msg), + log, flags=re.MULTILINE): + self._raise_assertion_error( + 'Unexpected message "{}" partially matches log:\n\n{}\n\n'.format( + unexpected_msg, print_log)) for expected_msg in expected_msgs: if re.search(re.escape(expected_msg), log, flags=re.MULTILINE) is None: