aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLee Clagett <code@leeclagett.com>2017-02-05 17:48:03 -0500
committerLee Clagett <code@leeclagett.com>2017-02-06 01:15:41 -0500
commitce7fcbb4aea884bb4bf433cf419ffa267f859c87 (patch)
treee8fb644b62006d78f801d739fbebad50f2c2409d /src
parentMerge pull request #1669 (diff)
downloadmonero-ce7fcbb4aea884bb4bf433cf419ffa267f859c87.tar.xz
Add server auth to monerod, and client auth to wallet-cli and wallet-rpc
Diffstat (limited to '')
-rw-r--r--src/common/CMakeLists.txt3
-rw-r--r--src/common/command_line.cpp1
-rw-r--r--src/common/command_line.h1
-rw-r--r--src/common/common_fwd.h41
-rw-r--r--src/common/password.cpp (renamed from src/wallet/password_container.cpp)27
-rw-r--r--src/common/password.h (renamed from src/wallet/password_container.h)31
-rw-r--r--src/common/rpc_client.h6
-rw-r--r--src/daemon/command_parser_executor.cpp4
-rw-r--r--src/daemon/command_parser_executor.h5
-rw-r--r--src/daemon/command_server.cpp4
-rw-r--r--src/daemon/command_server.h4
-rw-r--r--src/daemon/daemon.cpp4
-rw-r--r--src/daemon/main.cpp21
-rw-r--r--src/daemon/rpc_command_executor.cpp8
-rw-r--r--src/daemon/rpc_command_executor.h5
-rw-r--r--src/rpc/CMakeLists.txt7
-rw-r--r--src/rpc/core_rpc_server.cpp49
-rw-r--r--src/rpc/core_rpc_server.h8
-rw-r--r--src/rpc/rpc_args.cpp96
-rw-r--r--src/rpc/rpc_args.h67
-rw-r--r--src/simplewallet/simplewallet.cpp2
-rw-r--r--src/simplewallet/simplewallet.h2
-rw-r--r--src/wallet/CMakeLists.txt3
-rw-r--r--src/wallet/api/wallet.cpp2
-rw-r--r--src/wallet/api/wallet_manager.cpp2
-rw-r--r--src/wallet/wallet2.cpp21
-rw-r--r--src/wallet/wallet2.h7
-rw-r--r--src/wallet/wallet_rpc_server.cpp87
28 files changed, 385 insertions, 133 deletions
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index dd17f6d64..a5d06f092 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -32,6 +32,7 @@ set(common_sources
dns_utils.cpp
util.cpp
i18n.cpp
+ password.cpp
perf_timer.cpp
task_region.cpp
thread_group.cpp)
@@ -46,6 +47,7 @@ set(common_private_headers
base58.h
boost_serialization_helper.h
command_line.h
+ common_fwd.h
dns_utils.h
http_connection.h
int-util.h
@@ -56,6 +58,7 @@ set(common_private_headers
util.h
varint.h
i18n.h
+ password.h
perf_timer.h
stack_trace.h
task_region.h
diff --git a/src/common/command_line.cpp b/src/common/command_line.cpp
index d95859256..c3df5c096 100644
--- a/src/common/command_line.cpp
+++ b/src/common/command_line.cpp
@@ -76,7 +76,6 @@ namespace command_line
const arg_descriptor<bool> arg_version = {"version", "Output version information"};
const arg_descriptor<std::string> arg_data_dir = {"data-dir", "Specify data directory"};
const arg_descriptor<std::string> arg_testnet_data_dir = {"testnet-data-dir", "Specify testnet data directory"};
- const arg_descriptor<std::string> arg_user_agent = {"user-agent", "Restrict RPC use to clients using this user agent"};
const arg_descriptor<bool> arg_test_drop_download = {"test-drop-download", "For net tests: in download, discard ALL blocks instead checking/saving them (very fast)"};
const arg_descriptor<uint64_t> arg_test_drop_download_height = {"test-drop-download-height", "Like test-drop-download but disards only after around certain height", 0};
const arg_descriptor<int> arg_test_dbg_lock_sleep = {"test-dbg-lock-sleep", "Sleep time in ms, defaults to 0 (off), used to debug before/after locking mutex. Values 100 to 1000 are good for tests."};
diff --git a/src/common/command_line.h b/src/common/command_line.h
index 3f0919e99..a09365a6b 100644
--- a/src/common/command_line.h
+++ b/src/common/command_line.h
@@ -207,7 +207,6 @@ namespace command_line
extern const arg_descriptor<bool> arg_version;
extern const arg_descriptor<std::string> arg_data_dir;
extern const arg_descriptor<std::string> arg_testnet_data_dir;
- extern const arg_descriptor<std::string> arg_user_agent;
extern const arg_descriptor<bool> arg_test_drop_download;
extern const arg_descriptor<uint64_t> arg_test_drop_download_height;
extern const arg_descriptor<int> arg_test_dbg_lock_sleep;
diff --git a/src/common/common_fwd.h b/src/common/common_fwd.h
new file mode 100644
index 000000000..5d67251b1
--- /dev/null
+++ b/src/common/common_fwd.h
@@ -0,0 +1,41 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+namespace tools
+{
+ class DNSResolver;
+ struct login;
+ class password_container;
+ class t_http_connection;
+ class task_region;
+ class thread_group;
+}
diff --git a/src/wallet/password_container.cpp b/src/common/password.cpp
index 832b93a1a..bdc9c69c0 100644
--- a/src/wallet/password_container.cpp
+++ b/src/common/password.cpp
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2016, The Monero Project
+// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
@@ -28,7 +28,7 @@
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-#include "password_container.h"
+#include "password.h"
#include <iostream>
#include <memory.h>
@@ -245,4 +245,27 @@ namespace tools
return boost::none;
}
+
+ boost::optional<login> login::parse(std::string&& userpass, bool verify, const char* message)
+ {
+ login out{};
+ password_container wipe{std::move(userpass)};
+
+ const auto loc = wipe.password().find(':');
+ if (loc == std::string::npos)
+ {
+ auto result = tools::password_container::prompt(verify, message);
+ if (!result)
+ return boost::none;
+
+ out.password = std::move(*result);
+ }
+ else
+ {
+ out.password = password_container{wipe.password().substr(loc + 1)};
+ }
+
+ out.username = wipe.password().substr(0, loc);
+ return {std::move(out)};
+ }
}
diff --git a/src/wallet/password_container.h b/src/common/password.h
index 9c6faf9c8..12f715df4 100644
--- a/src/wallet/password_container.h
+++ b/src/common/password.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2016, The Monero Project
+// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
@@ -64,4 +64,33 @@ namespace tools
//! TODO Custom allocator that locks to RAM?
std::string m_password;
};
+
+ struct login
+ {
+ login() = default;
+
+ /*!
+ Extracts username and password from the format `username:password`. A
+ blank username or password is allowed. If the `:` character is not
+ present, `password_container::prompt` will be called by forwarding the
+ `verify` and `message` arguments.
+
+ \param userpass Is "consumed", and the memory contents are wiped.
+ \param verify is passed to `password_container::prompt` if necessary.
+ \param message is passed to `password_container::prompt` if necessary.
+
+ \return The username and password, or boost::none if
+ `password_container::prompt` fails.
+ */
+ static boost::optional<login> parse(std::string&& userpass, bool verify, const char* message = "Password");
+
+ login(const login&) = delete;
+ login(login&&) = default;
+ ~login() = default;
+ login& operator=(const login&) = delete;
+ login& operator=(login&&) = default;
+
+ std::string username;
+ password_container password;
+ };
}
diff --git a/src/common/rpc_client.h b/src/common/rpc_client.h
index f5ecc8b50..40c103bf3 100644
--- a/src/common/rpc_client.h
+++ b/src/common/rpc_client.h
@@ -28,10 +28,13 @@
#pragma once
+#include <boost/optional/optional.hpp>
+
#include "common/http_connection.h"
#include "common/scoped_message_writer.h"
#include "rpc/core_rpc_server_commands_defs.h"
#include "storages/http_abstract_invoke.h"
+#include "net/http_auth.h"
#include "net/http_client.h"
#include "string_tools.h"
@@ -45,11 +48,12 @@ namespace tools
t_rpc_client(
uint32_t ip
, uint16_t port
+ , boost::optional<epee::net_utils::http::login> user
)
: m_http_client{}
{
m_http_client.set_server(
- epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port)
+ epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port), std::move(user)
);
}
diff --git a/src/daemon/command_parser_executor.cpp b/src/daemon/command_parser_executor.cpp
index 27f9d0fd7..fd73654ac 100644
--- a/src/daemon/command_parser_executor.cpp
+++ b/src/daemon/command_parser_executor.cpp
@@ -37,11 +37,11 @@ namespace daemonize {
t_command_parser_executor::t_command_parser_executor(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& login
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
- : m_executor(ip, port, user_agent, is_rpc, rpc_server)
+ : m_executor(ip, port, login, is_rpc, rpc_server)
{}
bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args)
diff --git a/src/daemon/command_parser_executor.h b/src/daemon/command_parser_executor.h
index 15293ade9..1fe3e0f98 100644
--- a/src/daemon/command_parser_executor.h
+++ b/src/daemon/command_parser_executor.h
@@ -36,7 +36,10 @@
#pragma once
+#include <boost/optional/optional_fwd.hpp>
+
#include "daemon/rpc_command_executor.h"
+#include "common/common_fwd.h"
#include "rpc/core_rpc_server.h"
namespace daemonize {
@@ -49,7 +52,7 @@ public:
t_command_parser_executor(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& login
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/daemon/command_server.cpp b/src/daemon/command_server.cpp
index 95fd3178c..34868b576 100644
--- a/src/daemon/command_server.cpp
+++ b/src/daemon/command_server.cpp
@@ -40,11 +40,11 @@ namespace p = std::placeholders;
t_command_server::t_command_server(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& login
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
- : m_parser(ip, port, user_agent, is_rpc, rpc_server)
+ : m_parser(ip, port, login, is_rpc, rpc_server)
, m_command_lookup()
, m_is_rpc(is_rpc)
{
diff --git a/src/daemon/command_server.h b/src/daemon/command_server.h
index fb1702aae..9ecf06b9d 100644
--- a/src/daemon/command_server.h
+++ b/src/daemon/command_server.h
@@ -39,6 +39,8 @@ Passing RPC commands:
#pragma once
+#include <boost/optional/optional_fwd.hpp>
+#include "common/common_fwd.h"
#include "console_handler.h"
#include "daemon/command_parser_executor.h"
@@ -54,7 +56,7 @@ public:
t_command_server(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& login
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp
index 287c30cb4..e40136a71 100644
--- a/src/daemon/daemon.cpp
+++ b/src/daemon/daemon.cpp
@@ -33,6 +33,7 @@
#include "misc_log_ex.h"
#include "daemon/daemon.h"
+#include "common/password.h"
#include "common/util.h"
#include "daemon/core.h"
#include "daemon/p2p.h"
@@ -127,7 +128,8 @@ bool t_daemon::run(bool interactive)
if (interactive)
{
- rpc_commands = new daemonize::t_command_server(0, 0, "", false, mp_internals->rpc.get_server());
+ // The first three variables are not used when the fourth is false
+ rpc_commands = new daemonize::t_command_server(0, 0, boost::none, false, mp_internals->rpc.get_server());
rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this));
}
diff --git a/src/daemon/main.cpp b/src/daemon/main.cpp
index e08065ccd..2fa48cd92 100644
--- a/src/daemon/main.cpp
+++ b/src/daemon/main.cpp
@@ -30,6 +30,7 @@
#include "common/command_line.h"
#include "common/scoped_message_writer.h"
+#include "common/password.h"
#include "common/util.h"
#include "cryptonote_core/cryptonote_core.h"
#include "cryptonote_core/miner.h"
@@ -40,6 +41,7 @@
#include "misc_log_ex.h"
#include "p2p/net_node.h"
#include "rpc/core_rpc_server.h"
+#include "rpc/rpc_args.h"
#include "daemon/command_line_args.h"
#include "blockchain_db/db_types.h"
@@ -220,13 +222,13 @@ int main(int argc, char const * argv[])
if (command.size())
{
- auto rpc_ip_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_rpc_bind_ip);
+ const cryptonote::rpc_args::descriptors arg{};
+ auto rpc_ip_str = command_line::get_arg(vm, arg.rpc_bind_ip);
auto rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_rpc_bind_port);
if (testnet_mode)
{
rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port);
}
- auto user_agent = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_user_agent);
uint32_t rpc_ip;
uint16_t rpc_port;
@@ -241,7 +243,20 @@ int main(int argc, char const * argv[])
return 1;
}
- daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, user_agent};
+ boost::optional<tools::login> login{};
+ if (command_line::has_arg(vm, arg.rpc_login))
+ {
+ login = tools::login::parse(
+ command_line::get_arg(vm, arg.rpc_login), false, "Daemon client password"
+ );
+ if (!login)
+ {
+ std::cerr << "Failed to obtain password" << std::endl;
+ return 1;
+ }
+ }
+
+ daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, std::move(login)};
if (rpc_commands.process_command_vec(command))
{
return 0;
diff --git a/src/daemon/rpc_command_executor.cpp b/src/daemon/rpc_command_executor.cpp
index f7d85b5ef..3ea160c55 100644
--- a/src/daemon/rpc_command_executor.cpp
+++ b/src/daemon/rpc_command_executor.cpp
@@ -29,6 +29,7 @@
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include "string_tools.h"
+#include "common/password.h"
#include "common/scoped_message_writer.h"
#include "daemon/rpc_command_executor.h"
#include "rpc/core_rpc_server_commands_defs.h"
@@ -95,7 +96,7 @@ namespace {
t_rpc_command_executor::t_rpc_command_executor(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& login
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
@@ -103,7 +104,10 @@ t_rpc_command_executor::t_rpc_command_executor(
{
if (is_rpc)
{
- m_rpc_client = new tools::t_rpc_client(ip, port);
+ boost::optional<epee::net_utils::http::login> http_login{};
+ if (login)
+ http_login.emplace(login->username, login->password.password());
+ m_rpc_client = new tools::t_rpc_client(ip, port, std::move(http_login));
}
else
{
diff --git a/src/daemon/rpc_command_executor.h b/src/daemon/rpc_command_executor.h
index afcd99d32..4691844fa 100644
--- a/src/daemon/rpc_command_executor.h
+++ b/src/daemon/rpc_command_executor.h
@@ -38,6 +38,9 @@
#pragma once
+#include <boost/optional/optional_fwd.hpp>
+
+#include "common/common_fwd.h"
#include "common/rpc_client.h"
#include "misc_log_ex.h"
#include "cryptonote_core/cryptonote_core.h"
@@ -60,7 +63,7 @@ public:
t_rpc_command_executor(
uint32_t ip
, uint16_t port
- , const std::string &user_agent
+ , const boost::optional<tools::login>& user
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/rpc/CMakeLists.txt b/src/rpc/CMakeLists.txt
index 6df93cde1..1f9c40209 100644
--- a/src/rpc/CMakeLists.txt
+++ b/src/rpc/CMakeLists.txt
@@ -27,9 +27,11 @@
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set(rpc_sources
- core_rpc_server.cpp)
+ core_rpc_server.cpp
+ rpc_args.cpp)
-set(rpc_headers)
+set(rpc_headers
+ rpc_args.h)
set(rpc_private_headers
core_rpc_server.h
@@ -44,6 +46,7 @@ monero_add_library(rpc
${rpc_private_headers})
target_link_libraries(rpc
PUBLIC
+ common
cryptonote_core
cryptonote_protocol
epee
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index b2e8e6716..2b6b15403 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -38,6 +38,7 @@ using namespace epee;
#include "cryptonote_core/cryptonote_basic_impl.h"
#include "misc_language.h"
#include "crypto/hash.h"
+#include "rpc/rpc_args.h"
#include "core_rpc_server_error_codes.h"
#define MAX_RESTRICTED_FAKE_OUTS_COUNT 40
@@ -49,11 +50,10 @@ namespace cryptonote
//-----------------------------------------------------------------------------------
void core_rpc_server::init_options(boost::program_options::options_description& desc)
{
- command_line::add_arg(desc, arg_rpc_bind_ip);
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_testnet_rpc_bind_port);
command_line::add_arg(desc, arg_restricted_rpc);
- command_line::add_arg(desc, arg_user_agent);
+ cryptonote::rpc_args::init_options(desc);
}
//------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server(
@@ -64,29 +64,29 @@ namespace cryptonote
, m_p2p(p2p)
{}
//------------------------------------------------------------------------------------------------------------------------------
- bool core_rpc_server::handle_command_line(
+ bool core_rpc_server::init(
const boost::program_options::variables_map& vm
)
{
+ m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
+ m_net_server.set_threads_prefix("RPC");
+
auto p2p_bind_arg = m_testnet ? arg_testnet_rpc_bind_port : arg_rpc_bind_port;
- m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
- m_port = command_line::get_arg(vm, p2p_bind_arg);
+ auto rpc_config = cryptonote::rpc_args::process(vm);
+ if (!rpc_config)
+ return false;
+
m_restricted = command_line::get_arg(vm, arg_restricted_rpc);
- return true;
- }
- //------------------------------------------------------------------------------------------------------------------------------
- bool core_rpc_server::init(
- const boost::program_options::variables_map& vm
- )
- {
- m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
- std::string m_user_agent = command_line::get_arg(vm, command_line::arg_user_agent);
- m_net_server.set_threads_prefix("RPC");
- bool r = handle_command_line(vm);
- CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
- return epee::http_server_impl_base<core_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
+ boost::optional<epee::net_utils::http::login> http_login{};
+ std::string port = command_line::get_arg(vm, p2p_bind_arg);
+ if (rpc_config->login)
+ http_login.emplace(std::move(rpc_config->login->username), std::move(rpc_config->login->password).password());
+
+ return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
+ std::move(port), std::move(rpc_config->bind_ip), std::move(http_login)
+ );
}
//------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::check_core_busy()
@@ -1446,12 +1446,6 @@ namespace cryptonote
}
//------------------------------------------------------------------------------------------------------------------------------
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_ip = {
- "rpc-bind-ip"
- , "IP for RPC server"
- , "127.0.0.1"
- };
-
const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_port = {
"rpc-bind-port"
, "Port for RPC server"
@@ -1469,11 +1463,4 @@ namespace cryptonote
, "Restrict RPC to view only commands"
, false
};
-
- const command_line::arg_descriptor<std::string> core_rpc_server::arg_user_agent = {
- "user-agent"
- , "Restrict RPC to clients using this user agent"
- , ""
- };
-
} // namespace cryptonote
diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h
index 767bcc715..0421511a2 100644
--- a/src/rpc/core_rpc_server.h
+++ b/src/rpc/core_rpc_server.h
@@ -52,11 +52,9 @@ namespace cryptonote
{
public:
- static const command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
static const command_line::arg_descriptor<bool> arg_restricted_rpc;
- static const command_line::arg_descriptor<std::string> arg_user_agent;
typedef epee::net_utils::connection_context_base connection_context;
@@ -175,10 +173,6 @@ namespace cryptonote
//-----------------------
private:
-
- bool handle_command_line(
- const boost::program_options::variables_map& vm
- );
bool check_core_busy();
bool check_core_ready();
@@ -188,8 +182,6 @@ private:
core& m_core;
nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<cryptonote::core> >& m_p2p;
- std::string m_port;
- std::string m_bind_ip;
bool m_testnet;
bool m_restricted;
};
diff --git a/src/rpc/rpc_args.cpp b/src/rpc/rpc_args.cpp
new file mode 100644
index 000000000..79f3f7e12
--- /dev/null
+++ b/src/rpc/rpc_args.cpp
@@ -0,0 +1,96 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+#include "rpc_args.h"
+
+#include <boost/asio/ip/address.hpp>
+#include "common/command_line.h"
+#include "common/i18n.h"
+
+namespace cryptonote
+{
+ rpc_args::descriptors::descriptors()
+ : rpc_bind_ip({"rpc-bind-ip", rpc_args::tr("Specify ip to bind rpc server"), "127.0.0.1"})
+ , rpc_login({"rpc-login", rpc_args::tr("Specify username[:password] required for RPC server"), "", true})
+ , confirm_external_bind({"confirm-external-bind", rpc_args::tr("Confirm rcp-bind-ip value is NOT a loopback (local) IP")})
+ {}
+
+ const char* rpc_args::tr(const char* str) { return i18n_translate(str, "cryptonote::rpc_args"); }
+
+ void rpc_args::init_options(boost::program_options::options_description& desc)
+ {
+ const descriptors arg{};
+ command_line::add_arg(desc, arg.rpc_bind_ip);
+ command_line::add_arg(desc, arg.rpc_login);
+ command_line::add_arg(desc, arg.confirm_external_bind);
+ }
+
+ boost::optional<rpc_args> rpc_args::process(const boost::program_options::variables_map& vm)
+ {
+ const descriptors arg{};
+ rpc_args config{};
+
+ config.bind_ip = command_line::get_arg(vm, arg.rpc_bind_ip);
+ if (!config.bind_ip.empty())
+ {
+ // always parse IP here for error consistency
+ boost::system::error_code ec{};
+ const auto parsed_ip = boost::asio::ip::address::from_string(config.bind_ip, ec);
+ if (ec)
+ {
+ LOG_ERROR(tr("Invalid IP address given for --") << arg.rpc_bind_ip.name);
+ return boost::none;
+ }
+
+ if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg.confirm_external_bind))
+ {
+ LOG_ERROR(
+ "--" << arg.rpc_bind_ip.name <<
+ tr(" permits inbound unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --") <<
+ arg.confirm_external_bind.name
+ );
+ return boost::none;
+ }
+ }
+
+ if (command_line::has_arg(vm, arg.rpc_login))
+ {
+ config.login = tools::login::parse(command_line::get_arg(vm, arg.rpc_login), true, "RPC server password");
+ if (!config.login)
+ return boost::none;
+
+ if (config.login->username.empty())
+ {
+ LOG_ERROR(tr("Username specified with --") << arg.rpc_login.name << tr(" cannot be empty"));
+ return boost::none;
+ }
+ }
+
+ return {std::move(config)};
+ }
+}
diff --git a/src/rpc/rpc_args.h b/src/rpc/rpc_args.h
new file mode 100644
index 000000000..d6e7bab07
--- /dev/null
+++ b/src/rpc/rpc_args.h
@@ -0,0 +1,67 @@
+// Copyright (c) 2014-2017, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+#pragma once
+
+#include <boost/optional/optional.hpp>
+#include <boost/program_options/options_description.hpp>
+#include <boost/program_options/variables_map.hpp>
+#include <string>
+
+#include "common/command_line.h"
+#include "common/password.h"
+
+namespace cryptonote
+{
+ //! Processes command line arguments related to server-side RPC
+ struct rpc_args
+ {
+ // non-static construction prevents initialization order issues
+ struct descriptors
+ {
+ descriptors();
+ descriptors(const descriptors&) = delete;
+ descriptors(descriptors&&) = delete;
+ descriptors& operator=(const descriptors&) = delete;
+ descriptors& operator=(descriptors&&) = delete;
+
+ const command_line::arg_descriptor<std::string> rpc_bind_ip;
+ const command_line::arg_descriptor<std::string> rpc_login;
+ const command_line::arg_descriptor<bool> confirm_external_bind;
+ };
+
+ static const char* tr(const char* str);
+ static void init_options(boost::program_options::options_description& desc);
+
+ //! \return Arguments specified by user, or `boost::none` if error
+ static boost::optional<rpc_args> process(const boost::program_options::variables_map& vm);
+
+ std::string bind_ip;
+ boost::optional<tools::login> login; // currently `boost::none` if unspecified by user
+ };
+}
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index a8f1d177f..7ffce6798 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -1192,7 +1192,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm)
}
catch (const std::exception &e) { }
- m_http_client.set_server(m_wallet->get_daemon_address());
+ m_http_client.set_server(m_wallet->get_daemon_address(), m_wallet->get_daemon_login());
m_wallet->callback(this);
return true;
}
diff --git a/src/simplewallet/simplewallet.h b/src/simplewallet/simplewallet.h
index ce0a24be7..b101f3e0b 100644
--- a/src/simplewallet/simplewallet.h
+++ b/src/simplewallet/simplewallet.h
@@ -44,7 +44,7 @@
#include "cryptonote_core/cryptonote_basic_impl.h"
#include "wallet/wallet2.h"
#include "console_handler.h"
-#include "wallet/password_container.h"
+#include "common/password.h"
#include "crypto/crypto.h" // for definition of crypto::secret_key
#undef MONERO_DEFAULT_LOG_CATEGORY
diff --git a/src/wallet/CMakeLists.txt b/src/wallet/CMakeLists.txt
index 922464a3c..8626001ce 100644
--- a/src/wallet/CMakeLists.txt
+++ b/src/wallet/CMakeLists.txt
@@ -31,7 +31,6 @@
set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
set(wallet_sources
- password_container.cpp
wallet2.cpp
wallet_args.cpp
node_rpc_proxy.cpp
@@ -49,7 +48,6 @@ set(wallet_api_headers
set(wallet_private_headers
- password_container.h
wallet2.h
wallet_args.h
wallet_errors.h
@@ -74,6 +72,7 @@ monero_add_library(wallet
${wallet_private_headers})
target_link_libraries(wallet
PUBLIC
+ common
cryptonote_core
mnemonics
p2p
diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp
index 9e40d2e02..325f8522e 100644
--- a/src/wallet/api/wallet.cpp
+++ b/src/wallet/api/wallet.cpp
@@ -1364,7 +1364,7 @@ bool WalletImpl::isNewWallet() const
bool WalletImpl::doInit(const string &daemon_address, uint64_t upper_transaction_size_limit)
{
- if (!m_wallet->init(daemon_address, upper_transaction_size_limit))
+ if (!m_wallet->init(daemon_address, boost::none, upper_transaction_size_limit))
return false;
// in case new wallet, this will force fast-refresh (pulling hashes instead of blocks)
diff --git a/src/wallet/api/wallet_manager.cpp b/src/wallet/api/wallet_manager.cpp
index c761cc6d2..4104e7884 100644
--- a/src/wallet/api/wallet_manager.cpp
+++ b/src/wallet/api/wallet_manager.cpp
@@ -48,7 +48,7 @@ namespace {
bool connect_and_invoke(const std::string& address, const std::string& path, const Request& request, Response& response)
{
epee::net_utils::http::http_simple_client client{};
- return client.set_server(address) && epee::net_utils::invoke_http_json(path, request, response, client);
+ return client.set_server(address, boost::none) && epee::net_utils::invoke_http_json(path, request, response, client);
}
}
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 9bdfc7b04..0c6d23cc4 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -108,6 +108,7 @@ struct options {
const command_line::arg_descriptor<std::string> password = {"password", tools::wallet2::tr("Wallet password"), "", true};
const command_line::arg_descriptor<std::string> password_file = {"password-file", tools::wallet2::tr("Wallet password file"), "", true};
const command_line::arg_descriptor<int> daemon_port = {"daemon-port", tools::wallet2::tr("Use daemon instance at port <arg> instead of 18081"), 0};
+ const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true};
const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false};
const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false};
};
@@ -152,6 +153,18 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
return nullptr;
}
+ boost::optional<epee::net_utils::http::login> login{};
+ if (command_line::has_arg(vm, opts.daemon_login))
+ {
+ auto parsed = tools::login::parse(
+ command_line::get_arg(vm, opts.daemon_login), false, "Daemon client password"
+ );
+ if (!parsed)
+ return nullptr;
+
+ login.emplace(std::move(parsed->username), std::move(parsed->password).password());
+ }
+
if (daemon_host.empty())
daemon_host = "localhost";
@@ -164,7 +177,7 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(testnet, restricted));
- wallet->init(std::move(daemon_address));
+ wallet->init(std::move(daemon_address), std::move(login));
return wallet;
}
@@ -434,6 +447,7 @@ void wallet2::init_options(boost::program_options::options_description& desc_par
command_line::add_arg(desc_params, opts.password);
command_line::add_arg(desc_params, opts.password_file);
command_line::add_arg(desc_params, opts.daemon_port);
+ command_line::add_arg(desc_params, opts.daemon_login);
command_line::add_arg(desc_params, opts.testnet);
command_line::add_arg(desc_params, opts.restricted);
}
@@ -485,11 +499,12 @@ std::pair<std::unique_ptr<wallet2>, password_container> wallet2::make_new(const
}
//----------------------------------------------------------------------------------------------------
-bool wallet2::init(std::string daemon_address, uint64_t upper_transaction_size_limit)
+bool wallet2::init(std::string daemon_address, boost::optional<epee::net_utils::http::login> daemon_login, uint64_t upper_transaction_size_limit)
{
m_upper_transaction_size_limit = upper_transaction_size_limit;
m_daemon_address = std::move(daemon_address);
- return m_http_client.set_server(get_daemon_address());
+ m_daemon_login = std::move(daemon_login);
+ return m_http_client.set_server(get_daemon_address(), get_daemon_login());
}
//----------------------------------------------------------------------------------------------------
bool wallet2::is_deterministic() const
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 567292d30..9842ddf32 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -53,7 +53,7 @@
#include "ringct/rctOps.h"
#include "wallet_errors.h"
-#include "password_container.h"
+#include "common/password.h"
#include "node_rpc_proxy.h"
#include <iostream>
@@ -343,7 +343,8 @@ namespace tools
// into account the current median block size rather than
// the minimum block size.
bool deinit();
- bool init(std::string daemon_address = "http://localhost:8080", uint64_t upper_transaction_size_limit = 0);
+ bool init(std::string daemon_address = "http://localhost:8080",
+ boost::optional<epee::net_utils::http::login> daemon_login = boost::none, uint64_t upper_transaction_size_limit = 0);
void stop() { m_run.store(false, std::memory_order_relaxed); }
@@ -527,6 +528,7 @@ namespace tools
std::string get_wallet_file() const;
std::string get_keys_file() const;
std::string get_daemon_address() const;
+ const boost::optional<epee::net_utils::http::login>& get_daemon_login() const { return m_daemon_login; }
uint64_t get_daemon_blockchain_height(std::string& err);
uint64_t get_daemon_blockchain_target_height(std::string& err);
/*!
@@ -619,6 +621,7 @@ namespace tools
crypto::public_key get_tx_pub_key_from_received_outs(const tools::wallet2::transfer_details &td) const;
cryptonote::account_base m_account;
+ boost::optional<epee::net_utils::http::login> m_daemon_login;
std::string m_daemon_address;
std::string m_wallet_file;
std::string m_keys_file;
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 22f5f8bb6..76520c185 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -45,6 +45,7 @@ using namespace epee;
#include "string_coding.h"
#include "string_tools.h"
#include "crypto/hash.h"
+#include "rpc/rpc_args.h"
#undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "wallet.rpc"
@@ -52,10 +53,7 @@ using namespace epee;
namespace
{
const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"};
- const command_line::arg_descriptor<std::string> arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"};
- const command_line::arg_descriptor<std::string> arg_rpc_login = {"rpc-login", "Specify username[:password] required for RPC connection"};
- const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC"};
- const command_line::arg_descriptor<bool> arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"};
+ const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"};
constexpr const char default_rpc_username[] = "monero";
}
@@ -107,75 +105,41 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::init(const boost::program_options::variables_map& vm)
{
- std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
- if (!bind_ip.empty())
- {
- // always parse IP here for error consistency
- boost::system::error_code ec{};
- const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec);
- if (ec)
- {
- LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument"));
- return false;
- }
-
- if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind))
- {
- LOG_ERROR(
- tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind")
- );
- return false;
- }
- }
-
- epee::net_utils::http::login login{};
+ auto rpc_config = cryptonote::rpc_args::process(vm);
+ if (!rpc_config)
+ return false;
+ boost::optional<epee::net_utils::http::login> http_login{};
+ std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
const bool disable_auth = command_line::get_arg(vm, arg_disable_rpc_login);
- const std::string user_pass = command_line::get_arg(vm, arg_rpc_login);
- const std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
if (disable_auth)
{
- if (!user_pass.empty())
+ if (rpc_config->login)
{
- LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg_rpc_login.name);
+ const cryptonote::rpc_args::descriptors arg{};
+ LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg.rpc_login.name);
return false;
}
}
else // auth enabled
{
- if (user_pass.empty())
+ if (!rpc_config->login)
{
- login.username = default_rpc_username;
-
std::array<std::uint8_t, 16> rand_128bit{{}};
crypto::rand(rand_128bit.size(), rand_128bit.data());
- login.password = string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size());
+ http_login.emplace(
+ default_rpc_username,
+ string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size())
+ );
}
- else // user password
+ else
{
- const auto loc = user_pass.find(':');
- login.username = user_pass.substr(0, loc);
- if (loc != std::string::npos)
- {
- login.password = user_pass.substr(loc + 1);
- }
- else
- {
- login.password = tools::password_container::prompt(true, "RPC password").value_or(
- tools::password_container{}
- ).password();
- }
-
- if (login.username.empty() || login.password.empty())
- {
- LOG_ERROR(tr("Blank username or password not permitted for RPC authenticaion"));
- return false;
- }
+ http_login.emplace(
+ std::move(rpc_config->login->username), std::move(rpc_config->login->password).password()
+ );
}
-
- assert(!login.username.empty());
- assert(!login.password.empty());
+ assert(bool(http_login));
std::string temp = "monero-wallet-rpc." + bind_port + ".login";
const auto cookie = tools::create_private_file(temp);
@@ -186,9 +150,9 @@ namespace tools
}
rpc_login_filename.swap(temp); // nothrow guarantee destructor cleanup
temp = rpc_login_filename;
- std::fputs(login.username.c_str(), cookie.get());
+ std::fputs(http_login->username.c_str(), cookie.get());
std::fputc(':', cookie.get());
- std::fputs(login.password.c_str(), cookie.get());
+ std::fputs(http_login->password.c_str(), cookie.get());
std::fflush(cookie.get());
if (std::ferror(cookie.get()))
{
@@ -200,7 +164,7 @@ namespace tools
m_net_server.set_threads_prefix("RPC");
return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(
- std::move(bind_port), std::move(bind_ip), std::string{}, boost::make_optional(!disable_auth, std::move(login))
+ std::move(bind_port), std::move(rpc_config->bind_ip), std::move(http_login)
);
}
//------------------------------------------------------------------------------------------------------------------------------
@@ -1410,14 +1374,13 @@ int main(int argc, char** argv) {
po::options_description desc_params(wallet_args::tr("Wallet options"));
tools::wallet2::init_options(desc_params);
- command_line::add_arg(desc_params, arg_rpc_bind_ip);
command_line::add_arg(desc_params, arg_rpc_bind_port);
- command_line::add_arg(desc_params, arg_rpc_login);
command_line::add_arg(desc_params, arg_disable_rpc_login);
- command_line::add_arg(desc_params, arg_confirm_external_bind);
+ cryptonote::rpc_args::init_options(desc_params);
command_line::add_arg(desc_params, arg_wallet_file);
command_line::add_arg(desc_params, arg_from_json);
+
const auto vm = wallet_args::main(
argc, argv,
"monero-wallet-rpc [--wallet-file=<file>|--generate-from-json=<file>] [--rpc-bind-port=<port>]",