diff options
| author | Riccardo Spagni <ric@spagni.net> | 2017-02-11 00:35:25 +0200 |
|---|---|---|
| committer | Riccardo Spagni <ric@spagni.net> | 2017-02-11 00:35:25 +0200 |
| commit | eacf2124b6822d088199179b18d4587404408e0f (patch) | |
| tree | 48982250b525de443794c218d5386df03e728965 /src/wallet | |
| parent | Merge pull request #1686 (diff) | |
| parent | Add server auth to monerod, and client auth to wallet-cli and wallet-rpc (diff) | |
| download | monero-eacf2124b6822d088199179b18d4587404408e0f.tar.xz | |
Merge pull request #1689
ce7fcbb4 Add server auth to monerod, and client auth to wallet-cli and wallet-rpc (Lee Clagett)
Diffstat (limited to 'src/wallet')
| -rw-r--r-- | src/wallet/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | src/wallet/api/wallet.cpp | 2 | ||||
| -rw-r--r-- | src/wallet/api/wallet_manager.cpp | 2 | ||||
| -rw-r--r-- | src/wallet/password_container.cpp | 248 | ||||
| -rw-r--r-- | src/wallet/password_container.h | 67 | ||||
| -rw-r--r-- | src/wallet/wallet2.cpp | 21 | ||||
| -rw-r--r-- | src/wallet/wallet2.h | 7 | ||||
| -rw-r--r-- | src/wallet/wallet_rpc_server.cpp | 87 |
8 files changed, 51 insertions, 386 deletions
diff --git a/src/wallet/CMakeLists.txt b/src/wallet/CMakeLists.txt index 922464a3c..8626001ce 100644 --- a/src/wallet/CMakeLists.txt +++ b/src/wallet/CMakeLists.txt @@ -31,7 +31,6 @@ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(wallet_sources - password_container.cpp wallet2.cpp wallet_args.cpp node_rpc_proxy.cpp @@ -49,7 +48,6 @@ set(wallet_api_headers set(wallet_private_headers - password_container.h wallet2.h wallet_args.h wallet_errors.h @@ -74,6 +72,7 @@ monero_add_library(wallet ${wallet_private_headers}) target_link_libraries(wallet PUBLIC + common cryptonote_core mnemonics p2p diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp index 2524107c4..c46de6b06 100644 --- a/src/wallet/api/wallet.cpp +++ b/src/wallet/api/wallet.cpp @@ -1360,7 +1360,7 @@ bool WalletImpl::isNewWallet() const bool WalletImpl::doInit(const string &daemon_address, uint64_t upper_transaction_size_limit) { - if (!m_wallet->init(daemon_address, upper_transaction_size_limit)) + if (!m_wallet->init(daemon_address, boost::none, upper_transaction_size_limit)) return false; // in case new wallet, this will force fast-refresh (pulling hashes instead of blocks) diff --git a/src/wallet/api/wallet_manager.cpp b/src/wallet/api/wallet_manager.cpp index c761cc6d2..4104e7884 100644 --- a/src/wallet/api/wallet_manager.cpp +++ b/src/wallet/api/wallet_manager.cpp @@ -48,7 +48,7 @@ namespace { bool connect_and_invoke(const std::string& address, const std::string& path, const Request& request, Response& response) { epee::net_utils::http::http_simple_client client{}; - return client.set_server(address) && epee::net_utils::invoke_http_json(path, request, response, client); + return client.set_server(address, boost::none) && epee::net_utils::invoke_http_json(path, request, response, client); } } diff --git a/src/wallet/password_container.cpp b/src/wallet/password_container.cpp deleted file mode 100644 index 832b93a1a..000000000 --- a/src/wallet/password_container.cpp +++ /dev/null @@ -1,248 +0,0 @@ -// Copyright (c) 2014-2016, The Monero Project -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are -// permitted provided that the following conditions are met: -// -// 1. Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright notice, this list -// of conditions and the following disclaimer in the documentation and/or other -// materials provided with the distribution. -// -// 3. Neither the name of the copyright holder nor the names of its contributors may be -// used to endorse or promote products derived from this software without specific -// prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers - -#include "password_container.h" - -#include <iostream> -#include <memory.h> -#include <stdio.h> - -#if defined(_WIN32) -#include <io.h> -#include <windows.h> -#else -#include <termios.h> -#include <unistd.h> -#endif - -namespace -{ -#if defined(_WIN32) - bool is_cin_tty() noexcept - { - return 0 != _isatty(_fileno(stdin)); - } - - bool read_from_tty(std::string& pass) - { - static constexpr const char BACKSPACE = 8; - - HANDLE h_cin = ::GetStdHandle(STD_INPUT_HANDLE); - - DWORD mode_old; - ::GetConsoleMode(h_cin, &mode_old); - DWORD mode_new = mode_old & ~(ENABLE_ECHO_INPUT | ENABLE_LINE_INPUT); - ::SetConsoleMode(h_cin, mode_new); - - bool r = true; - pass.reserve(tools::password_container::max_password_size); - while (pass.size() < tools::password_container::max_password_size) - { - DWORD read; - char ch; - r = (TRUE == ::ReadConsoleA(h_cin, &ch, 1, &read, NULL)); - r &= (1 == read); - if (!r) - { - break; - } - else if (ch == '\n' || ch == '\r') - { - std::cout << std::endl; - break; - } - else if (ch == BACKSPACE) - { - if (!pass.empty()) - { - pass.back() = '\0'; - pass.resize(pass.size() - 1); - std::cout << "\b \b"; - } - } - else - { - pass.push_back(ch); - std::cout << '*'; - } - } - - ::SetConsoleMode(h_cin, mode_old); - - return r; - } - -#else // end WIN32 - - bool is_cin_tty() noexcept - { - return 0 != isatty(fileno(stdin)); - } - - int getch() noexcept - { - struct termios tty_old; - tcgetattr(STDIN_FILENO, &tty_old); - - struct termios tty_new; - tty_new = tty_old; - tty_new.c_lflag &= ~(ICANON | ECHO); - tcsetattr(STDIN_FILENO, TCSANOW, &tty_new); - - int ch = getchar(); - - tcsetattr(STDIN_FILENO, TCSANOW, &tty_old); - - return ch; - } - - bool read_from_tty(std::string& aPass) - { - static constexpr const char BACKSPACE = 127; - - aPass.reserve(tools::password_container::max_password_size); - while (aPass.size() < tools::password_container::max_password_size) - { - int ch = getch(); - if (EOF == ch) - { - return false; - } - else if (ch == '\n' || ch == '\r') - { - std::cout << std::endl; - break; - } - else if (ch == BACKSPACE) - { - if (!aPass.empty()) - { - aPass.back() = '\0'; - aPass.resize(aPass.size() - 1); - std::cout << "\b \b"; - } - } - else - { - aPass.push_back(ch); - std::cout << '*'; - } - } - - return true; - } - -#endif // end !WIN32 - - void clear(std::string& pass) noexcept - { - //! TODO Call a memory wipe function that hopefully is not optimized out - pass.replace(0, pass.capacity(), pass.capacity(), '\0'); - pass.clear(); - } - - bool read_from_tty(const bool verify, const char *message, std::string& pass1, std::string& pass2) - { - while (true) - { - if (message) - std::cout << message <<": "; - if (!read_from_tty(pass1)) - return false; - if (verify) - { - std::cout << "Confirm Password: "; - if (!read_from_tty(pass2)) - return false; - if(pass1!=pass2) - { - std::cout << "Passwords do not match! Please try again." << std::endl; - clear(pass1); - clear(pass2); - } - else //new password matches - return true; - } - else - return true; - //No need to verify password entered at this point in the code - } - - return false; - } - - bool read_from_file(std::string& pass) - { - pass.reserve(tools::password_container::max_password_size); - for (size_t i = 0; i < tools::password_container::max_password_size; ++i) - { - char ch = static_cast<char>(std::cin.get()); - if (std::cin.eof() || ch == '\n' || ch == '\r') - { - break; - } - else if (std::cin.fail()) - { - return false; - } - else - { - pass.push_back(ch); - } - } - return true; - } - -} // anonymous namespace - -namespace tools -{ - // deleted via private member - password_container::password_container() noexcept : m_password() {} - password_container::password_container(std::string&& password) noexcept - : m_password(std::move(password)) - { - } - - password_container::~password_container() noexcept - { - clear(m_password); - } - - boost::optional<password_container> password_container::prompt(const bool verify, const char *message) - { - password_container pass1{}; - password_container pass2{}; - if (is_cin_tty() ? read_from_tty(verify, message, pass1.m_password, pass2.m_password) : read_from_file(pass1.m_password)) - return {std::move(pass1)}; - - return boost::none; - } -} diff --git a/src/wallet/password_container.h b/src/wallet/password_container.h deleted file mode 100644 index 9c6faf9c8..000000000 --- a/src/wallet/password_container.h +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright (c) 2014-2016, The Monero Project -// -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without modification, are -// permitted provided that the following conditions are met: -// -// 1. Redistributions of source code must retain the above copyright notice, this list of -// conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright notice, this list -// of conditions and the following disclaimer in the documentation and/or other -// materials provided with the distribution. -// -// 3. Neither the name of the copyright holder nor the names of its contributors may be -// used to endorse or promote products derived from this software without specific -// prior written permission. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers - -#pragma once - -#include <string> -#include <boost/optional/optional.hpp> - -namespace tools -{ - class password_container - { - public: - static constexpr const size_t max_password_size = 1024; - - //! Empty password - password_container() noexcept; - - //! `password` is used as password - password_container(std::string&& password) noexcept; - - //! \return A password from stdin TTY prompt or `std::cin` pipe. - static boost::optional<password_container> prompt(bool verify, const char *mesage = "Password"); - - password_container(const password_container&) = delete; - password_container(password_container&& rhs) = default; - - //! Wipes internal password - ~password_container() noexcept; - - password_container& operator=(const password_container&) = delete; - password_container& operator=(password_container&&) = default; - - const std::string& password() const noexcept { return m_password; } - - private: - //! TODO Custom allocator that locks to RAM? - std::string m_password; - }; -} diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 093237880..e7a175dc7 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -108,6 +108,7 @@ struct options { const command_line::arg_descriptor<std::string> password = {"password", tools::wallet2::tr("Wallet password"), "", true}; const command_line::arg_descriptor<std::string> password_file = {"password-file", tools::wallet2::tr("Wallet password file"), "", true}; const command_line::arg_descriptor<int> daemon_port = {"daemon-port", tools::wallet2::tr("Use daemon instance at port <arg> instead of 18081"), 0}; + const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true}; const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false}; const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false}; }; @@ -152,6 +153,18 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl return nullptr; } + boost::optional<epee::net_utils::http::login> login{}; + if (command_line::has_arg(vm, opts.daemon_login)) + { + auto parsed = tools::login::parse( + command_line::get_arg(vm, opts.daemon_login), false, "Daemon client password" + ); + if (!parsed) + return nullptr; + + login.emplace(std::move(parsed->username), std::move(parsed->password).password()); + } + if (daemon_host.empty()) daemon_host = "localhost"; @@ -164,7 +177,7 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port); std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(testnet, restricted)); - wallet->init(std::move(daemon_address)); + wallet->init(std::move(daemon_address), std::move(login)); return wallet; } @@ -434,6 +447,7 @@ void wallet2::init_options(boost::program_options::options_description& desc_par command_line::add_arg(desc_params, opts.password); command_line::add_arg(desc_params, opts.password_file); command_line::add_arg(desc_params, opts.daemon_port); + command_line::add_arg(desc_params, opts.daemon_login); command_line::add_arg(desc_params, opts.testnet); command_line::add_arg(desc_params, opts.restricted); } @@ -485,13 +499,14 @@ std::pair<std::unique_ptr<wallet2>, password_container> wallet2::make_new(const } //---------------------------------------------------------------------------------------------------- -bool wallet2::init(std::string daemon_address, uint64_t upper_transaction_size_limit) +bool wallet2::init(std::string daemon_address, boost::optional<epee::net_utils::http::login> daemon_login, uint64_t upper_transaction_size_limit) { if(m_http_client.is_connected()) m_http_client.disconnect(); m_upper_transaction_size_limit = upper_transaction_size_limit; m_daemon_address = std::move(daemon_address); - return m_http_client.set_server(get_daemon_address()); + m_daemon_login = std::move(daemon_login); + return m_http_client.set_server(get_daemon_address(), get_daemon_login()); } //---------------------------------------------------------------------------------------------------- bool wallet2::is_deterministic() const diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 9b68acc98..dba9a400d 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -54,7 +54,7 @@ #include "ringct/rctOps.h" #include "wallet_errors.h" -#include "password_container.h" +#include "common/password.h" #include "node_rpc_proxy.h" #include <iostream> @@ -344,7 +344,8 @@ namespace tools // into account the current median block size rather than // the minimum block size. bool deinit(); - bool init(std::string daemon_address = "http://localhost:8080", uint64_t upper_transaction_size_limit = 0); + bool init(std::string daemon_address = "http://localhost:8080", + boost::optional<epee::net_utils::http::login> daemon_login = boost::none, uint64_t upper_transaction_size_limit = 0); void stop() { m_run.store(false, std::memory_order_relaxed); } @@ -528,6 +529,7 @@ namespace tools std::string get_wallet_file() const; std::string get_keys_file() const; std::string get_daemon_address() const; + const boost::optional<epee::net_utils::http::login>& get_daemon_login() const { return m_daemon_login; } uint64_t get_daemon_blockchain_height(std::string& err); uint64_t get_daemon_blockchain_target_height(std::string& err); /*! @@ -620,6 +622,7 @@ namespace tools crypto::public_key get_tx_pub_key_from_received_outs(const tools::wallet2::transfer_details &td) const; cryptonote::account_base m_account; + boost::optional<epee::net_utils::http::login> m_daemon_login; std::string m_daemon_address; std::string m_wallet_file; std::string m_keys_file; diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index cf0d252e8..881279e42 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -45,6 +45,7 @@ using namespace epee; #include "string_coding.h" #include "string_tools.h" #include "crypto/hash.h" +#include "rpc/rpc_args.h" #undef MONERO_DEFAULT_LOG_CATEGORY #define MONERO_DEFAULT_LOG_CATEGORY "wallet.rpc" @@ -52,10 +53,7 @@ using namespace epee; namespace { const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"}; - const command_line::arg_descriptor<std::string> arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"}; - const command_line::arg_descriptor<std::string> arg_rpc_login = {"rpc-login", "Specify username[:password] required for RPC connection"}; - const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC"}; - const command_line::arg_descriptor<bool> arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"}; + const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"}; constexpr const char default_rpc_username[] = "monero"; } @@ -107,75 +105,41 @@ namespace tools //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::init(const boost::program_options::variables_map& vm) { - std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip); - if (!bind_ip.empty()) - { - // always parse IP here for error consistency - boost::system::error_code ec{}; - const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec); - if (ec) - { - LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument")); - return false; - } - - if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind)) - { - LOG_ERROR( - tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind") - ); - return false; - } - } - - epee::net_utils::http::login login{}; + auto rpc_config = cryptonote::rpc_args::process(vm); + if (!rpc_config) + return false; + boost::optional<epee::net_utils::http::login> http_login{}; + std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port); const bool disable_auth = command_line::get_arg(vm, arg_disable_rpc_login); - const std::string user_pass = command_line::get_arg(vm, arg_rpc_login); - const std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port); if (disable_auth) { - if (!user_pass.empty()) + if (rpc_config->login) { - LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg_rpc_login.name); + const cryptonote::rpc_args::descriptors arg{}; + LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg.rpc_login.name); return false; } } else // auth enabled { - if (user_pass.empty()) + if (!rpc_config->login) { - login.username = default_rpc_username; - std::array<std::uint8_t, 16> rand_128bit{{}}; crypto::rand(rand_128bit.size(), rand_128bit.data()); - login.password = string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size()); + http_login.emplace( + default_rpc_username, + string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size()) + ); } - else // user password + else { - const auto loc = user_pass.find(':'); - login.username = user_pass.substr(0, loc); - if (loc != std::string::npos) - { - login.password = user_pass.substr(loc + 1); - } - else - { - login.password = tools::password_container::prompt(true, "RPC password").value_or( - tools::password_container{} - ).password(); - } - - if (login.username.empty() || login.password.empty()) - { - LOG_ERROR(tr("Blank username or password not permitted for RPC authenticaion")); - return false; - } + http_login.emplace( + std::move(rpc_config->login->username), std::move(rpc_config->login->password).password() + ); } - - assert(!login.username.empty()); - assert(!login.password.empty()); + assert(bool(http_login)); std::string temp = "monero-wallet-rpc." + bind_port + ".login"; const auto cookie = tools::create_private_file(temp); @@ -186,9 +150,9 @@ namespace tools } rpc_login_filename.swap(temp); // nothrow guarantee destructor cleanup temp = rpc_login_filename; - std::fputs(login.username.c_str(), cookie.get()); + std::fputs(http_login->username.c_str(), cookie.get()); std::fputc(':', cookie.get()); - std::fputs(login.password.c_str(), cookie.get()); + std::fputs(http_login->password.c_str(), cookie.get()); std::fflush(cookie.get()); if (std::ferror(cookie.get())) { @@ -200,7 +164,7 @@ namespace tools m_net_server.set_threads_prefix("RPC"); return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init( - std::move(bind_port), std::move(bind_ip), std::string{}, boost::make_optional(!disable_auth, std::move(login)) + std::move(bind_port), std::move(rpc_config->bind_ip), std::move(http_login) ); } //------------------------------------------------------------------------------------------------------------------------------ @@ -1410,14 +1374,13 @@ int main(int argc, char** argv) { po::options_description desc_params(wallet_args::tr("Wallet options")); tools::wallet2::init_options(desc_params); - command_line::add_arg(desc_params, arg_rpc_bind_ip); command_line::add_arg(desc_params, arg_rpc_bind_port); - command_line::add_arg(desc_params, arg_rpc_login); command_line::add_arg(desc_params, arg_disable_rpc_login); - command_line::add_arg(desc_params, arg_confirm_external_bind); + cryptonote::rpc_args::init_options(desc_params); command_line::add_arg(desc_params, arg_wallet_file); command_line::add_arg(desc_params, arg_from_json); + const auto vm = wallet_args::main( argc, argv, "monero-wallet-rpc [--wallet-file=<file>|--generate-from-json=<file>] [--rpc-bind-port=<port>]", |