Add server auth to monerod, and client auth to wallet-cli and wallet-rpc

8 files changed, 51 insertions, 386 deletions

diff --git a/src/wallet/CMakeLists.txt b/src/wallet/CMakeLists.txt
index 922464a3c..8626001ce 100644
--- a/src/wallet/CMakeLists.txt
+++ b/src/wallet/CMakeLists.txt
@@ -31,7 +31,6 @@
 set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
 
 set(wallet_sources
-  password_container.cpp
   wallet2.cpp
   wallet_args.cpp
   node_rpc_proxy.cpp
@@ -49,7 +48,6 @@ set(wallet_api_headers
     
 
 set(wallet_private_headers
-  password_container.h
   wallet2.h
   wallet_args.h
   wallet_errors.h
@@ -74,6 +72,7 @@ monero_add_library(wallet
   ${wallet_private_headers})
 target_link_libraries(wallet
   PUBLIC
+    common
     cryptonote_core
     mnemonics
     p2p
diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp
index 9e40d2e02..325f8522e 100644
--- a/src/wallet/api/wallet.cpp
+++ b/src/wallet/api/wallet.cpp
@@ -1364,7 +1364,7 @@ bool WalletImpl::isNewWallet() const
 
 bool WalletImpl::doInit(const string &daemon_address, uint64_t upper_transaction_size_limit)
 {
-    if (!m_wallet->init(daemon_address, upper_transaction_size_limit))
+    if (!m_wallet->init(daemon_address, boost::none, upper_transaction_size_limit))
        return false;
 
     // in case new wallet, this will force fast-refresh (pulling hashes instead of blocks)
diff --git a/src/wallet/api/wallet_manager.cpp b/src/wallet/api/wallet_manager.cpp
index c761cc6d2..4104e7884 100644
--- a/src/wallet/api/wallet_manager.cpp
+++ b/src/wallet/api/wallet_manager.cpp
@@ -48,7 +48,7 @@ namespace {
     bool connect_and_invoke(const std::string& address, const std::string& path, const Request& request, Response& response)
     {
         epee::net_utils::http::http_simple_client client{};
-        return client.set_server(address) && epee::net_utils::invoke_http_json(path, request, response, client);
+        return client.set_server(address, boost::none) && epee::net_utils::invoke_http_json(path, request, response, client);
     }
 }
 
diff --git a/src/wallet/password_container.cpp b/src/wallet/password_container.cpp
deleted file mode 100644
index 832b93a1a..000000000
--- a/src/wallet/password_container.cpp
+++ /dev/null
@@ -1,248 +0,0 @@
-// Copyright (c) 2014-2016, The Monero Project
-// 
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-// 
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-//    conditions and the following disclaimer.
-// 
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-//    of conditions and the following disclaimer in the documentation and/or other
-//    materials provided with the distribution.
-// 
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-//    used to endorse or promote products derived from this software without specific
-//    prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-// 
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-#include "password_container.h"
-
-#include <iostream>
-#include <memory.h>
-#include <stdio.h>
-
-#if defined(_WIN32)
-#include <io.h>
-#include <windows.h>
-#else
-#include <termios.h>
-#include <unistd.h>
-#endif
-
-namespace
-{
-#if defined(_WIN32)
-  bool is_cin_tty() noexcept
-  {
-    return 0 != _isatty(_fileno(stdin));
-  }
-
-  bool read_from_tty(std::string& pass)
-  {
-    static constexpr const char BACKSPACE = 8;
-
-    HANDLE h_cin = ::GetStdHandle(STD_INPUT_HANDLE);
-
-    DWORD mode_old;
-    ::GetConsoleMode(h_cin, &mode_old);
-    DWORD mode_new = mode_old & ~(ENABLE_ECHO_INPUT | ENABLE_LINE_INPUT);
-    ::SetConsoleMode(h_cin, mode_new);
-
-    bool r = true;
-    pass.reserve(tools::password_container::max_password_size);
-    while (pass.size() < tools::password_container::max_password_size)
-    {
-      DWORD read;
-      char ch;
-      r = (TRUE == ::ReadConsoleA(h_cin, &ch, 1, &read, NULL));
-      r &= (1 == read);
-      if (!r)
-      {
-        break;
-      }
-      else if (ch == '\n' || ch == '\r')
-      {
-        std::cout << std::endl;
-        break;
-      }
-      else if (ch == BACKSPACE)
-      {
-        if (!pass.empty())
-        {
-          pass.back() = '\0';
-          pass.resize(pass.size() - 1);
-          std::cout << "\b \b";
-        }
-      }
-      else
-      {
-        pass.push_back(ch);
-        std::cout << '*';
-      }
-    }
-
-    ::SetConsoleMode(h_cin, mode_old);
-
-    return r;
-  }
-
-#else // end WIN32 
-
-  bool is_cin_tty() noexcept
-  {
-    return 0 != isatty(fileno(stdin));
-  }
-
-  int getch() noexcept
-  {
-    struct termios tty_old;
-    tcgetattr(STDIN_FILENO, &tty_old);
-
-    struct termios tty_new;
-    tty_new = tty_old;
-    tty_new.c_lflag &= ~(ICANON | ECHO);
-    tcsetattr(STDIN_FILENO, TCSANOW, &tty_new);
-
-    int ch = getchar();
-
-    tcsetattr(STDIN_FILENO, TCSANOW, &tty_old);
-
-    return ch;
-  }
-
-  bool read_from_tty(std::string& aPass)
-  {
-    static constexpr const char BACKSPACE = 127;
-
-    aPass.reserve(tools::password_container::max_password_size);
-    while (aPass.size() < tools::password_container::max_password_size)
-    {
-      int ch = getch();
-      if (EOF == ch)
-      {
-        return false;
-      }
-      else if (ch == '\n' || ch == '\r')
-      {
-        std::cout << std::endl;
-        break;
-      }
-      else if (ch == BACKSPACE)
-      {
-        if (!aPass.empty())
-        {
-          aPass.back() = '\0';
-          aPass.resize(aPass.size() - 1);
-          std::cout << "\b \b";
-        }
-      }
-      else
-      {
-        aPass.push_back(ch);
-        std::cout << '*';
-      }
-    }
-
-    return true;
-  }
-
-#endif // end !WIN32
-
-  void clear(std::string& pass) noexcept
-  {
-    //! TODO Call a memory wipe function that hopefully is not optimized out
-    pass.replace(0, pass.capacity(), pass.capacity(), '\0');
-    pass.clear();
-  }
-
-  bool read_from_tty(const bool verify, const char *message, std::string& pass1, std::string& pass2)
-  {
-    while (true)
-    {
-      if (message)
-        std::cout << message <<": ";
-      if (!read_from_tty(pass1))
-        return false;
-      if (verify)
-      {
-        std::cout << "Confirm Password: ";
-        if (!read_from_tty(pass2))
-          return false;
-        if(pass1!=pass2)
-        {
-          std::cout << "Passwords do not match! Please try again." << std::endl;
-          clear(pass1);
-          clear(pass2);
-        }
-        else //new password matches
-          return true;
-      }
-      else
-        return true;
-        //No need to verify password entered at this point in the code
-    }
-
-    return false;
-  }
-
-  bool read_from_file(std::string& pass)
-  {
-    pass.reserve(tools::password_container::max_password_size);
-    for (size_t i = 0; i < tools::password_container::max_password_size; ++i)
-    {
-      char ch = static_cast<char>(std::cin.get());
-      if (std::cin.eof() || ch == '\n' || ch == '\r')
-      {
-        break;
-      }
-      else if (std::cin.fail())
-      {
-        return false;
-      }
-      else
-      {
-        pass.push_back(ch);
-      }
-    }
-    return true;
-  }
-
-} // anonymous namespace
-
-namespace tools 
-{
-  // deleted via private member
-  password_container::password_container() noexcept : m_password() {}
-  password_container::password_container(std::string&& password) noexcept
-    : m_password(std::move(password)) 
-  {
-  }
-
-  password_container::~password_container() noexcept
-  {
-    clear(m_password);
-  }
-
-  boost::optional<password_container> password_container::prompt(const bool verify, const char *message)
-  {
-    password_container pass1{};
-    password_container pass2{};
-    if (is_cin_tty() ? read_from_tty(verify, message, pass1.m_password, pass2.m_password) : read_from_file(pass1.m_password))
-      return {std::move(pass1)};
-
-    return boost::none;
-  }
-} 
diff --git a/src/wallet/password_container.h b/src/wallet/password_container.h
deleted file mode 100644
index 9c6faf9c8..000000000
--- a/src/wallet/password_container.h
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright (c) 2014-2016, The Monero Project
-// 
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-// 
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-//    conditions and the following disclaimer.
-// 
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-//    of conditions and the following disclaimer in the documentation and/or other
-//    materials provided with the distribution.
-// 
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-//    used to endorse or promote products derived from this software without specific
-//    prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-// 
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-#pragma once
-
-#include <string>
-#include <boost/optional/optional.hpp>
-
-namespace tools
-{
-  class password_container
-  {
-  public:
-    static constexpr const size_t max_password_size = 1024;
-
-    //! Empty password
-    password_container() noexcept;
-
-    //! `password` is used as password
-    password_container(std::string&& password) noexcept;
-
-    //! \return A password from stdin TTY prompt or `std::cin` pipe.
-    static boost::optional<password_container> prompt(bool verify, const char *mesage = "Password");
-
-    password_container(const password_container&) = delete;
-    password_container(password_container&& rhs) = default;
-
-    //! Wipes internal password
-    ~password_container() noexcept;
-
-    password_container& operator=(const password_container&) = delete;
-    password_container& operator=(password_container&&) = default;
-
-    const std::string& password() const noexcept { return m_password; }
-
-  private:
-    //! TODO Custom allocator that locks to RAM?
-    std::string m_password;
-  };
-}
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 9bdfc7b04..0c6d23cc4 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -108,6 +108,7 @@ struct options {
   const command_line::arg_descriptor<std::string> password = {"password", tools::wallet2::tr("Wallet password"), "", true};
   const command_line::arg_descriptor<std::string> password_file = {"password-file", tools::wallet2::tr("Wallet password file"), "", true};
   const command_line::arg_descriptor<int> daemon_port = {"daemon-port", tools::wallet2::tr("Use daemon instance at port <arg> instead of 18081"), 0};
+  const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true};
   const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false};
   const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false};
 };
@@ -152,6 +153,18 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
     return nullptr;
   }
 
+  boost::optional<epee::net_utils::http::login> login{};
+  if (command_line::has_arg(vm, opts.daemon_login))
+  {
+    auto parsed = tools::login::parse(
+      command_line::get_arg(vm, opts.daemon_login), false, "Daemon client password"
+    );
+    if (!parsed)
+      return nullptr;
+
+    login.emplace(std::move(parsed->username), std::move(parsed->password).password());
+  }
+
   if (daemon_host.empty())
     daemon_host = "localhost";
 
@@ -164,7 +177,7 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
     daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
 
   std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(testnet, restricted));
-  wallet->init(std::move(daemon_address));
+  wallet->init(std::move(daemon_address), std::move(login));
   return wallet;
 }
 
@@ -434,6 +447,7 @@ void wallet2::init_options(boost::program_options::options_description& desc_par
   command_line::add_arg(desc_params, opts.password);
   command_line::add_arg(desc_params, opts.password_file);
   command_line::add_arg(desc_params, opts.daemon_port);
+  command_line::add_arg(desc_params, opts.daemon_login);
   command_line::add_arg(desc_params, opts.testnet);
   command_line::add_arg(desc_params, opts.restricted);
 }
@@ -485,11 +499,12 @@ std::pair<std::unique_ptr<wallet2>, password_container> wallet2::make_new(const
 }
 
 //----------------------------------------------------------------------------------------------------
-bool wallet2::init(std::string daemon_address, uint64_t upper_transaction_size_limit)
+bool wallet2::init(std::string daemon_address, boost::optional<epee::net_utils::http::login> daemon_login, uint64_t upper_transaction_size_limit)
 {
   m_upper_transaction_size_limit = upper_transaction_size_limit;
   m_daemon_address = std::move(daemon_address);
-  return m_http_client.set_server(get_daemon_address());
+  m_daemon_login = std::move(daemon_login);
+  return m_http_client.set_server(get_daemon_address(), get_daemon_login());
 }
 //----------------------------------------------------------------------------------------------------
 bool wallet2::is_deterministic() const
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 567292d30..9842ddf32 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -53,7 +53,7 @@
 #include "ringct/rctOps.h"
 
 #include "wallet_errors.h"
-#include "password_container.h"
+#include "common/password.h"
 #include "node_rpc_proxy.h"
 
 #include <iostream>
@@ -343,7 +343,8 @@ namespace tools
     // into account the current median block size rather than
     // the minimum block size.
     bool deinit();
-    bool init(std::string daemon_address = "http://localhost:8080", uint64_t upper_transaction_size_limit = 0);
+    bool init(std::string daemon_address = "http://localhost:8080",
+      boost::optional<epee::net_utils::http::login> daemon_login = boost::none, uint64_t upper_transaction_size_limit = 0);
 
     void stop() { m_run.store(false, std::memory_order_relaxed); }
 
@@ -527,6 +528,7 @@ namespace tools
     std::string get_wallet_file() const;
     std::string get_keys_file() const;
     std::string get_daemon_address() const;
+    const boost::optional<epee::net_utils::http::login>& get_daemon_login() const { return m_daemon_login; }
     uint64_t get_daemon_blockchain_height(std::string& err);
     uint64_t get_daemon_blockchain_target_height(std::string& err);
    /*!
@@ -619,6 +621,7 @@ namespace tools
     crypto::public_key get_tx_pub_key_from_received_outs(const tools::wallet2::transfer_details &td) const;
 
     cryptonote::account_base m_account;
+    boost::optional<epee::net_utils::http::login> m_daemon_login;
     std::string m_daemon_address;
     std::string m_wallet_file;
     std::string m_keys_file;
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 22f5f8bb6..76520c185 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -45,6 +45,7 @@ using namespace epee;
 #include "string_coding.h"
 #include "string_tools.h"
 #include "crypto/hash.h"
+#include "rpc/rpc_args.h"
 
 #undef MONERO_DEFAULT_LOG_CATEGORY
 #define MONERO_DEFAULT_LOG_CATEGORY "wallet.rpc"
@@ -52,10 +53,7 @@ using namespace epee;
 namespace
 {
   const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"};
-  const command_line::arg_descriptor<std::string> arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"};
-  const command_line::arg_descriptor<std::string> arg_rpc_login = {"rpc-login", "Specify username[:password] required for RPC connection"};
-  const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC"};
-  const command_line::arg_descriptor<bool> arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"};
+  const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"};
 
   constexpr const char default_rpc_username[] = "monero";
 }
@@ -107,75 +105,41 @@ namespace tools
   //------------------------------------------------------------------------------------------------------------------------------
   bool wallet_rpc_server::init(const boost::program_options::variables_map& vm)
   {
-    std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
-    if (!bind_ip.empty())
-    {
-      // always parse IP here for error consistency
-      boost::system::error_code ec{};
-      const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec);
-      if (ec)
-      {
-        LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument"));
-        return false;
-      }
-
-      if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind))
-      {
-        LOG_ERROR(
-          tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind")
-        );
-        return false;
-      }
-    }
-
-    epee::net_utils::http::login login{};
+    auto rpc_config = cryptonote::rpc_args::process(vm);
+    if (!rpc_config)
+      return false;
 
+    boost::optional<epee::net_utils::http::login> http_login{};
+    std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
     const bool disable_auth = command_line::get_arg(vm, arg_disable_rpc_login);
-    const std::string user_pass = command_line::get_arg(vm, arg_rpc_login);
-    const std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
 
     if (disable_auth)
     {
-      if (!user_pass.empty())
+      if (rpc_config->login)
       {
-        LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg_rpc_login.name);
+        const cryptonote::rpc_args::descriptors arg{};
+        LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg.rpc_login.name);
         return false;
       }
     }
     else // auth enabled
     {
-      if (user_pass.empty())
+      if (!rpc_config->login)
       {
-        login.username = default_rpc_username;
-
         std::array<std::uint8_t, 16> rand_128bit{{}};
         crypto::rand(rand_128bit.size(), rand_128bit.data());
-        login.password = string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size());
+        http_login.emplace(
+          default_rpc_username,
+          string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size())
+        );
       }
-      else // user password
+      else
       {
-        const auto loc = user_pass.find(':');
-        login.username = user_pass.substr(0, loc);
-        if (loc != std::string::npos)
-        {
-          login.password = user_pass.substr(loc + 1);
-        }
-        else
-        {
-          login.password = tools::password_container::prompt(true, "RPC password").value_or(
-            tools::password_container{}
-          ).password();
-        }
-
-        if (login.username.empty() || login.password.empty())
-        {
-          LOG_ERROR(tr("Blank username or password not permitted for RPC authenticaion"));
-          return false;
-        }
+        http_login.emplace(
+          std::move(rpc_config->login->username), std::move(rpc_config->login->password).password()
+        );
       }
-
-      assert(!login.username.empty());
-      assert(!login.password.empty());
+      assert(bool(http_login));
 
       std::string temp = "monero-wallet-rpc." + bind_port + ".login";
       const auto cookie = tools::create_private_file(temp);
@@ -186,9 +150,9 @@ namespace tools
       }
       rpc_login_filename.swap(temp); // nothrow guarantee destructor cleanup
       temp = rpc_login_filename;
-      std::fputs(login.username.c_str(), cookie.get());
+      std::fputs(http_login->username.c_str(), cookie.get());
       std::fputc(':', cookie.get());
-      std::fputs(login.password.c_str(), cookie.get());
+      std::fputs(http_login->password.c_str(), cookie.get());
       std::fflush(cookie.get());
       if (std::ferror(cookie.get()))
       {
@@ -200,7 +164,7 @@ namespace tools
 
     m_net_server.set_threads_prefix("RPC");
     return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(
-      std::move(bind_port), std::move(bind_ip), std::string{}, boost::make_optional(!disable_auth, std::move(login))
+      std::move(bind_port), std::move(rpc_config->bind_ip), std::move(http_login)
     );
   }
   //------------------------------------------------------------------------------------------------------------------------------
@@ -1410,14 +1374,13 @@ int main(int argc, char** argv) {
 
   po::options_description desc_params(wallet_args::tr("Wallet options"));
   tools::wallet2::init_options(desc_params);
-  command_line::add_arg(desc_params, arg_rpc_bind_ip);
   command_line::add_arg(desc_params, arg_rpc_bind_port);
-  command_line::add_arg(desc_params, arg_rpc_login);
   command_line::add_arg(desc_params, arg_disable_rpc_login);
-  command_line::add_arg(desc_params, arg_confirm_external_bind);
+  cryptonote::rpc_args::init_options(desc_params);
   command_line::add_arg(desc_params, arg_wallet_file);
   command_line::add_arg(desc_params, arg_from_json);
 
+
   const auto vm = wallet_args::main(
     argc, argv,
     "monero-wallet-rpc [--wallet-file=<file>|--generate-from-json=<file>] [--rpc-bind-port=<port>]",