aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorLee Clagett <code@leeclagett.com>2017-02-05 17:48:03 -0500
committerLee Clagett <code@leeclagett.com>2017-02-06 01:15:41 -0500
commitce7fcbb4aea884bb4bf433cf419ffa267f859c87 (patch)
treee8fb644b62006d78f801d739fbebad50f2c2409d /src/common
parentMerge pull request #1669 (diff)
downloadmonero-ce7fcbb4aea884bb4bf433cf419ffa267f859c87.tar.xz
Add server auth to monerod, and client auth to wallet-cli and wallet-rpc
Diffstat (limited to 'src/common')
-rw-r--r--src/common/CMakeLists.txt3
-rw-r--r--src/common/command_line.cpp1
-rw-r--r--src/common/command_line.h1
-rw-r--r--src/common/common_fwd.h41
-rw-r--r--src/common/password.cpp271
-rw-r--r--src/common/password.h96
-rw-r--r--src/common/rpc_client.h6
7 files changed, 416 insertions, 3 deletions
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index dd17f6d64..a5d06f092 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -32,6 +32,7 @@ set(common_sources
dns_utils.cpp
util.cpp
i18n.cpp
+ password.cpp
perf_timer.cpp
task_region.cpp
thread_group.cpp)
@@ -46,6 +47,7 @@ set(common_private_headers
base58.h
boost_serialization_helper.h
command_line.h
+ common_fwd.h
dns_utils.h
http_connection.h
int-util.h
@@ -56,6 +58,7 @@ set(common_private_headers
util.h
varint.h
i18n.h
+ password.h
perf_timer.h
stack_trace.h
task_region.h
diff --git a/src/common/command_line.cpp b/src/common/command_line.cpp
index d95859256..c3df5c096 100644
--- a/src/common/command_line.cpp
+++ b/src/common/command_line.cpp
@@ -76,7 +76,6 @@ namespace command_line
const arg_descriptor<bool> arg_version = {"version", "Output version information"};
const arg_descriptor<std::string> arg_data_dir = {"data-dir", "Specify data directory"};
const arg_descriptor<std::string> arg_testnet_data_dir = {"testnet-data-dir", "Specify testnet data directory"};
- const arg_descriptor<std::string> arg_user_agent = {"user-agent", "Restrict RPC use to clients using this user agent"};
const arg_descriptor<bool> arg_test_drop_download = {"test-drop-download", "For net tests: in download, discard ALL blocks instead checking/saving them (very fast)"};
const arg_descriptor<uint64_t> arg_test_drop_download_height = {"test-drop-download-height", "Like test-drop-download but disards only after around certain height", 0};
const arg_descriptor<int> arg_test_dbg_lock_sleep = {"test-dbg-lock-sleep", "Sleep time in ms, defaults to 0 (off), used to debug before/after locking mutex. Values 100 to 1000 are good for tests."};
diff --git a/src/common/command_line.h b/src/common/command_line.h
index 3f0919e99..a09365a6b 100644
--- a/src/common/command_line.h
+++ b/src/common/command_line.h
@@ -207,7 +207,6 @@ namespace command_line
extern const arg_descriptor<bool> arg_version;
extern const arg_descriptor<std::string> arg_data_dir;
extern const arg_descriptor<std::string> arg_testnet_data_dir;
- extern const arg_descriptor<std::string> arg_user_agent;
extern const arg_descriptor<bool> arg_test_drop_download;
extern const arg_descriptor<uint64_t> arg_test_drop_download_height;
extern const arg_descriptor<int> arg_test_dbg_lock_sleep;
diff --git a/src/common/common_fwd.h b/src/common/common_fwd.h
new file mode 100644
index 000000000..5d67251b1
--- /dev/null
+++ b/src/common/common_fwd.h
@@ -0,0 +1,41 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+namespace tools
+{
+ class DNSResolver;
+ struct login;
+ class password_container;
+ class t_http_connection;
+ class task_region;
+ class thread_group;
+}
diff --git a/src/common/password.cpp b/src/common/password.cpp
new file mode 100644
index 000000000..bdc9c69c0
--- /dev/null
+++ b/src/common/password.cpp
@@ -0,0 +1,271 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#include "password.h"
+
+#include <iostream>
+#include <memory.h>
+#include <stdio.h>
+
+#if defined(_WIN32)
+#include <io.h>
+#include <windows.h>
+#else
+#include <termios.h>
+#include <unistd.h>
+#endif
+
+namespace
+{
+#if defined(_WIN32)
+ bool is_cin_tty() noexcept
+ {
+ return 0 != _isatty(_fileno(stdin));
+ }
+
+ bool read_from_tty(std::string& pass)
+ {
+ static constexpr const char BACKSPACE = 8;
+
+ HANDLE h_cin = ::GetStdHandle(STD_INPUT_HANDLE);
+
+ DWORD mode_old;
+ ::GetConsoleMode(h_cin, &mode_old);
+ DWORD mode_new = mode_old & ~(ENABLE_ECHO_INPUT | ENABLE_LINE_INPUT);
+ ::SetConsoleMode(h_cin, mode_new);
+
+ bool r = true;
+ pass.reserve(tools::password_container::max_password_size);
+ while (pass.size() < tools::password_container::max_password_size)
+ {
+ DWORD read;
+ char ch;
+ r = (TRUE == ::ReadConsoleA(h_cin, &ch, 1, &read, NULL));
+ r &= (1 == read);
+ if (!r)
+ {
+ break;
+ }
+ else if (ch == '\n' || ch == '\r')
+ {
+ std::cout << std::endl;
+ break;
+ }
+ else if (ch == BACKSPACE)
+ {
+ if (!pass.empty())
+ {
+ pass.back() = '\0';
+ pass.resize(pass.size() - 1);
+ std::cout << "\b \b";
+ }
+ }
+ else
+ {
+ pass.push_back(ch);
+ std::cout << '*';
+ }
+ }
+
+ ::SetConsoleMode(h_cin, mode_old);
+
+ return r;
+ }
+
+#else // end WIN32
+
+ bool is_cin_tty() noexcept
+ {
+ return 0 != isatty(fileno(stdin));
+ }
+
+ int getch() noexcept
+ {
+ struct termios tty_old;
+ tcgetattr(STDIN_FILENO, &tty_old);
+
+ struct termios tty_new;
+ tty_new = tty_old;
+ tty_new.c_lflag &= ~(ICANON | ECHO);
+ tcsetattr(STDIN_FILENO, TCSANOW, &tty_new);
+
+ int ch = getchar();
+
+ tcsetattr(STDIN_FILENO, TCSANOW, &tty_old);
+
+ return ch;
+ }
+
+ bool read_from_tty(std::string& aPass)
+ {
+ static constexpr const char BACKSPACE = 127;
+
+ aPass.reserve(tools::password_container::max_password_size);
+ while (aPass.size() < tools::password_container::max_password_size)
+ {
+ int ch = getch();
+ if (EOF == ch)
+ {
+ return false;
+ }
+ else if (ch == '\n' || ch == '\r')
+ {
+ std::cout << std::endl;
+ break;
+ }
+ else if (ch == BACKSPACE)
+ {
+ if (!aPass.empty())
+ {
+ aPass.back() = '\0';
+ aPass.resize(aPass.size() - 1);
+ std::cout << "\b \b";
+ }
+ }
+ else
+ {
+ aPass.push_back(ch);
+ std::cout << '*';
+ }
+ }
+
+ return true;
+ }
+
+#endif // end !WIN32
+
+ void clear(std::string& pass) noexcept
+ {
+ //! TODO Call a memory wipe function that hopefully is not optimized out
+ pass.replace(0, pass.capacity(), pass.capacity(), '\0');
+ pass.clear();
+ }
+
+ bool read_from_tty(const bool verify, const char *message, std::string& pass1, std::string& pass2)
+ {
+ while (true)
+ {
+ if (message)
+ std::cout << message <<": ";
+ if (!read_from_tty(pass1))
+ return false;
+ if (verify)
+ {
+ std::cout << "Confirm Password: ";
+ if (!read_from_tty(pass2))
+ return false;
+ if(pass1!=pass2)
+ {
+ std::cout << "Passwords do not match! Please try again." << std::endl;
+ clear(pass1);
+ clear(pass2);
+ }
+ else //new password matches
+ return true;
+ }
+ else
+ return true;
+ //No need to verify password entered at this point in the code
+ }
+
+ return false;
+ }
+
+ bool read_from_file(std::string& pass)
+ {
+ pass.reserve(tools::password_container::max_password_size);
+ for (size_t i = 0; i < tools::password_container::max_password_size; ++i)
+ {
+ char ch = static_cast<char>(std::cin.get());
+ if (std::cin.eof() || ch == '\n' || ch == '\r')
+ {
+ break;
+ }
+ else if (std::cin.fail())
+ {
+ return false;
+ }
+ else
+ {
+ pass.push_back(ch);
+ }
+ }
+ return true;
+ }
+
+} // anonymous namespace
+
+namespace tools
+{
+ // deleted via private member
+ password_container::password_container() noexcept : m_password() {}
+ password_container::password_container(std::string&& password) noexcept
+ : m_password(std::move(password))
+ {
+ }
+
+ password_container::~password_container() noexcept
+ {
+ clear(m_password);
+ }
+
+ boost::optional<password_container> password_container::prompt(const bool verify, const char *message)
+ {
+ password_container pass1{};
+ password_container pass2{};
+ if (is_cin_tty() ? read_from_tty(verify, message, pass1.m_password, pass2.m_password) : read_from_file(pass1.m_password))
+ return {std::move(pass1)};
+
+ return boost::none;
+ }
+
+ boost::optional<login> login::parse(std::string&& userpass, bool verify, const char* message)
+ {
+ login out{};
+ password_container wipe{std::move(userpass)};
+
+ const auto loc = wipe.password().find(':');
+ if (loc == std::string::npos)
+ {
+ auto result = tools::password_container::prompt(verify, message);
+ if (!result)
+ return boost::none;
+
+ out.password = std::move(*result);
+ }
+ else
+ {
+ out.password = password_container{wipe.password().substr(loc + 1)};
+ }
+
+ out.username = wipe.password().substr(0, loc);
+ return {std::move(out)};
+ }
+}
diff --git a/src/common/password.h b/src/common/password.h
new file mode 100644
index 000000000..12f715df4
--- /dev/null
+++ b/src/common/password.h
@@ -0,0 +1,96 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+#include <string>
+#include <boost/optional/optional.hpp>
+
+namespace tools
+{
+ class password_container
+ {
+ public:
+ static constexpr const size_t max_password_size = 1024;
+
+ //! Empty password
+ password_container() noexcept;
+
+ //! `password` is used as password
+ password_container(std::string&& password) noexcept;
+
+ //! \return A password from stdin TTY prompt or `std::cin` pipe.
+ static boost::optional<password_container> prompt(bool verify, const char *mesage = "Password");
+
+ password_container(const password_container&) = delete;
+ password_container(password_container&& rhs) = default;
+
+ //! Wipes internal password
+ ~password_container() noexcept;
+
+ password_container& operator=(const password_container&) = delete;
+ password_container& operator=(password_container&&) = default;
+
+ const std::string& password() const noexcept { return m_password; }
+
+ private:
+ //! TODO Custom allocator that locks to RAM?
+ std::string m_password;
+ };
+
+ struct login
+ {
+ login() = default;
+
+ /*!
+ Extracts username and password from the format `username:password`. A
+ blank username or password is allowed. If the `:` character is not
+ present, `password_container::prompt` will be called by forwarding the
+ `verify` and `message` arguments.
+
+ \param userpass Is "consumed", and the memory contents are wiped.
+ \param verify is passed to `password_container::prompt` if necessary.
+ \param message is passed to `password_container::prompt` if necessary.
+
+ \return The username and password, or boost::none if
+ `password_container::prompt` fails.
+ */
+ static boost::optional<login> parse(std::string&& userpass, bool verify, const char* message = "Password");
+
+ login(const login&) = delete;
+ login(login&&) = default;
+ ~login() = default;
+ login& operator=(const login&) = delete;
+ login& operator=(login&&) = default;
+
+ std::string username;
+ password_container password;
+ };
+}
diff --git a/src/common/rpc_client.h b/src/common/rpc_client.h
index f5ecc8b50..40c103bf3 100644
--- a/src/common/rpc_client.h
+++ b/src/common/rpc_client.h
@@ -28,10 +28,13 @@
#pragma once
+#include <boost/optional/optional.hpp>
+
#include "common/http_connection.h"
#include "common/scoped_message_writer.h"
#include "rpc/core_rpc_server_commands_defs.h"
#include "storages/http_abstract_invoke.h"
+#include "net/http_auth.h"
#include "net/http_client.h"
#include "string_tools.h"
@@ -45,11 +48,12 @@ namespace tools
t_rpc_client(
uint32_t ip
, uint16_t port
+ , boost::optional<epee::net_utils::http::login> user
)
: m_http_client{}
{
m_http_client.set_server(
- epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port)
+ epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port), std::move(user)
);
}