authorLee Clagett <code@leeclagett.com>2017-02-05 17:48:03 -0500
committerLee Clagett <code@leeclagett.com>2017-02-06 01:15:41 -0500
commitce7fcbb4aea884bb4bf433cf419ffa267f859c87 (patch)
treee8fb644b62006d78f801d739fbebad50f2c2409d /src/rpc
parentMerge pull request #1669 (diff)
downloadmonero-ce7fcbb4aea884bb4bf433cf419ffa267f859c87.tar.xz
Add server auth to monerod, and client auth to wallet-cli and wallet-rpc
Diffstat (limited to 'src/rpc')
-rw-r--r--src/rpc/CMakeLists.txt7
-rw-r--r--src/rpc/core_rpc_server.cpp49
-rw-r--r--src/rpc/core_rpc_server.h8
-rw-r--r--src/rpc/rpc_args.cpp96
-rw-r--r--src/rpc/rpc_args.h67
5 files changed, 186 insertions, 41 deletions
diff --git a/src/rpc/CMakeLists.txt b/src/rpc/CMakeLists.txt
index 6df93cde1..1f9c40209 100644
--- a/src/rpc/CMakeLists.txt
+++ b/src/rpc/CMakeLists.txt
@@ -27,9 +27,11 @@
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set(rpc_sources
- core_rpc_server.cpp)
+ core_rpc_server.cpp
+ rpc_args.cpp)
-set(rpc_headers)
+set(rpc_headers
+ rpc_args.h)
set(rpc_private_headers
core_rpc_server.h
@@ -44,6 +46,7 @@ monero_add_library(rpc
${rpc_private_headers})
target_link_libraries(rpc
PUBLIC
+ common
cryptonote_core
cryptonote_protocol
epee
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index b2e8e6716..2b6b15403 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -38,6 +38,7 @@ using namespace epee;
#include "cryptonote_core/cryptonote_basic_impl.h"
#include "misc_language.h"
#include "crypto/hash.h"
+#include "rpc/rpc_args.h"
#include "core_rpc_server_error_codes.h"
#define MAX_RESTRICTED_FAKE_OUTS_COUNT 40
@@ -49,11 +50,10 @@ namespace cryptonote
//-----------------------------------------------------------------------------------
void core_rpc_server::init_options(boost::program_options::options_description& desc)
{
- command_line::add_arg(desc, arg_rpc_bind_ip);
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_testnet_rpc_bind_port);
command_line::add_arg(desc, arg_restricted_rpc);
- command_line::add_arg(desc, arg_user_agent);
+ cryptonote::rpc_args::init_options(desc);
}
//------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server(
@@ -64,29 +64,29 @@ namespace cryptonote
, m_p2p(p2p)
{}
//------------------------------------------------------------------------------------------------------------------------------
- bool core_rpc_server::handle_command_line(
+ bool core_rpc_server::init(
const boost::program_options::variables_map& vm
)
{
+ m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
+ m_net_server.set_threads_prefix("RPC");
+
auto p2p_bind_arg = m_testnet ? arg_testnet_rpc_bind_port : arg_rpc_bind_port;
- m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
- m_port = command_line::get_arg(vm, p2p_bind_arg);
+ auto rpc_config = cryptonote::rpc_args::process(vm);
+ if (!rpc_config)
+ return false;
+
m_restricted = command_line::get_arg(vm, arg_restricted_rpc);
- return true;
- }
- //------------------------------------------------------------------------------------------------------------------------------
- bool core_rpc_server::init(
- const boost::program_options::variables_map& vm
- )
- {
- m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
- std::string m_user_agent = command_line::get_arg(vm, command_line::arg_user_agent);
- m_net_server.set_threads_prefix("RPC");
- bool r = handle_command_line(vm);
- CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
- return epee::http_server_impl_base<core_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
+ boost::optional<epee::net_utils::http::login> http_login{};
+ std::string port = command_line::get_arg(vm, p2p_bind_arg);
+ if (rpc_config->login)
+ http_login.emplace(std::move(rpc_config->login->username), std::move(rpc_config->login->password).password());
+
+ return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
+ std::move(port), std::move(rpc_config->bind_ip), std::move(http_login)
+ );
}
//------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::check_core_busy()
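Review bot: In `init`, `std::move(rpc_config->login->password).password()` takes the secret out of the `tools::login` password object and places it in `epee::net_utils::http::login`, and nothing visible in this hunk shows whether that type clears its copy on destruction. If it holds a plain `std::string`, the RPC password would presumably remain in freed memory after shutdown. This is worth confirming and recording next to the `emplace` call, for example `// password leaves the password container here; http::login owns the only copy from now on`. Separately, `p2p_bind_arg` names the RPC port descriptor and would read better as `rpc_bind_port_arg`. The hunk ends at the signature of check_core_busy, whose body lies outside it.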
@@ -1446,12 +1446,6 @@ namespace cryptonote
}
//------------------------------------------------------------------------------------------------------------------------------
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_ip = {
- "rpc-bind-ip"
- , "IP for RPC server"
- , "127.0.0.1"
- };
-
const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_port = {
"rpc-bind-port"
, "Port for RPC server"
@@ -1469,11 +1463,4 @@ namespace cryptonote
, "Restrict RPC to view only commands"
, false
};
-
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_user_agent = {
- "user-agent"
- , "Restrict RPC to clients using this user agent"
- , ""
- };
-
} // namespace cryptonote
diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h
index 767bcc715..0421511a2 100644
--- a/src/rpc/core_rpc_server.h
+++ b/src/rpc/core_rpc_server.h
@@ -52,11 +52,9 @@ namespace cryptonote
{
public:
- static const command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
static const command_line::arg_descriptor<bool> arg_restricted_rpc;
- static const command_line::arg_descriptor<std::string> arg_user_agent;
typedef epee::net_utils::connection_context_base connection_context;
@@ -175,10 +173,6 @@ namespace cryptonote
//-----------------------
private:
-
- bool handle_command_line(
- const boost::program_options::variables_map& vm
- );
bool check_core_busy();
bool check_core_ready();
@@ -188,8 +182,6 @@ private:
core& m_core;
nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<cryptonote::core> >& m_p2p;
- std::string m_port;
- std::string m_bind_ip;
bool m_testnet;
bool m_restricted;
};
diff --git a/src/rpc/rpc_args.cpp b/src/rpc/rpc_args.cpp
new file mode 100644
index 000000000..79f3f7e12
--- /dev/null
+++ b/src/rpc/rpc_args.cpp
@@ -0,0 +1,96 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+#include "rpc_args.h"
+
+#include <boost/asio/ip/address.hpp>
+#include "common/command_line.h"
+#include "common/i18n.h"
+
+namespace cryptonote
+{
+ rpc_args::descriptors::descriptors()
+ : rpc_bind_ip({"rpc-bind-ip", rpc_args::tr("Specify ip to bind rpc server"), "127.0.0.1"})
+ , rpc_login({"rpc-login", rpc_args::tr("Specify username[:password] required for RPC server"), "", true})
+ , confirm_external_bind({"confirm-external-bind", rpc_args::tr("Confirm rcp-bind-ip value is NOT a loopback (local) IP")})
+ {}
+
+ const char* rpc_args::tr(const char* str) { return i18n_translate(str, "cryptonote::rpc_args"); }
+
+ void rpc_args::init_options(boost::program_options::options_description& desc)
+ {
+ const descriptors arg{};
+ command_line::add_arg(desc, arg.rpc_bind_ip);
+ command_line::add_arg(desc, arg.rpc_login);
+ command_line::add_arg(desc, arg.confirm_external_bind);
+ }
+
+ boost::optional<rpc_args> rpc_args::process(const boost::program_options::variables_map& vm)
+ {
+ const descriptors arg{};
+ rpc_args config{};
+
+ config.bind_ip = command_line::get_arg(vm, arg.rpc_bind_ip);
+ if (!config.bind_ip.empty())
+ {
+ // always parse IP here for error consistency
+ boost::system::error_code ec{};
+ const auto parsed_ip = boost::asio::ip::address::from_string(config.bind_ip, ec);
+ if (ec)
+ {
+ LOG_ERROR(tr("Invalid IP address given for --") << arg.rpc_bind_ip.name);
+ return boost::none;
+ }
+
+ if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg.confirm_external_bind))
+ {
+ LOG_ERROR(
+ "--" << arg.rpc_bind_ip.name <<
+ tr(" permits inbound unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --") <<
+ arg.confirm_external_bind.name
+ );
+ return boost::none;
+ }
+ }
+
+ if (command_line::has_arg(vm, arg.rpc_login))
+ {
+ config.login = tools::login::parse(command_line::get_arg(vm, arg.rpc_login), true, "RPC server password");
+ if (!config.login)
+ return boost::none;
+
+ if (config.login->username.empty())
+ {
+ LOG_ERROR(tr("Username specified with --") << arg.rpc_login.name << tr(" cannot be empty"));
+ return boost::none;
+ }
+ }
+
+ return {std::move(config)};
+ }
+}
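Review bot: In `rpc_args::process`, the `if (!config.bind_ip.empty())` guard lets an empty `--rpc-bind-ip` value skip both the address parse and the loopback check, although the comment inside says the IP is always parsed. What the HTTP server binds to when handed an empty address is not visible in this file, so the `--confirm-external-bind` gate cannot be relied on for that input. Dropping the guard so that `from_string` rejects the empty string, or returning `boost::none` explicitly for it, closes the gap. The help text for `confirm-external-bind` in the `descriptors` constructor also spells the option `rcp-bind-ip`; it should read `rpc-bind-ip`.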
diff --git a/src/rpc/rpc_args.h b/src/rpc/rpc_args.h
new file mode 100644
index 000000000..d6e7bab07
--- /dev/null
+++ b/src/rpc/rpc_args.h
@@ -0,0 +1,67 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+#pragma once
+
+#include <boost/optional/optional.hpp>
+#include <boost/program_options/options_description.hpp>
+#include <boost/program_options/variables_map.hpp>
+#include <string>
+
+#include "common/command_line.h"
+#include "common/password.h"
+
+namespace cryptonote
+{
+ //! Processes command line arguments related to server-side RPC
+ struct rpc_args
+ {
+ // non-static construction prevents initialization order issues
+ struct descriptors
+ {
+ descriptors();
+ descriptors(const descriptors&) = delete;
+ descriptors(descriptors&&) = delete;
+ descriptors& operator=(const descriptors&) = delete;
+ descriptors& operator=(descriptors&&) = delete;
+
+ const command_line::arg_descriptor<std::string> rpc_bind_ip;
+ const command_line::arg_descriptor<std::string> rpc_login;
+ const command_line::arg_descriptor<bool> confirm_external_bind;
+ };
+
+ static const char* tr(const char* str);
+ static void init_options(boost::program_options::options_description& desc);
+
+ //! \return Arguments specified by user, or `boost::none` if error
+ static boost::optional<rpc_args> process(const boost::program_options::variables_map& vm);
+
+ std::string bind_ip;
+ boost::optional<tools::login> login; // currently `boost::none` if unspecified by user
+ };
+}
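Review bot: The doc comment on `process` gives only the return value, while the implementation in rpc_args.cpp also validates `--rpc-bind-ip`, refuses a non-loopback address unless `--confirm-external-bind` is set, rejects an empty username and logs the reason itself. Callers need that contract at the declaration; a line such as `//! Validates the bind IP (non-loopback requires --confirm-external-bind) and the login; logs the reason on failure` above the existing `\return` would cover it. `init_options` and `bind_ip` carry no comment at all. The `login` member holds the RPC password, so its comment should say so.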