aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLee Clagett <code@leeclagett.com>2016-11-28 18:39:59 -0500
committerLee Clagett <code@leeclagett.com>2016-12-05 21:45:11 -0500
commit18462aa065d8008f554466143ad48332f7e89cd9 (patch)
tree525577a5aa271e6e1118aa895bb81b1859345c5b /src
parentMerge pull request #1403 (diff)
downloadmonero-18462aa065d8008f554466143ad48332f7e89cd9.tar.xz
Added confirmation before binding wallet-rpc to external IP
Diffstat (limited to '')
-rw-r--r--src/wallet/wallet_rpc_server.cpp41
-rw-r--r--src/wallet/wallet_rpc_server.h3
2 files changed, 30 insertions, 14 deletions
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 5352b0b73..7c08bbe4b 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -27,6 +27,7 @@
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+#include <boost/asio/ip/address.hpp>
#include <cstdint>
#include "include_base_utils.h"
using namespace epee;
@@ -47,6 +48,8 @@ namespace
const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"};
const command_line::arg_descriptor<std::string> arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"};
const command_line::arg_descriptor<std::string> arg_user_agent = {"user-agent", "Restrict RPC to clients using this user agent", ""};
+
+ const command_line::arg_descriptor<bool> arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"};
}
namespace tools
@@ -84,20 +87,35 @@ namespace tools
return epee::http_server_impl_base<wallet_rpc_server, connection_context>::run(1, true);
}
//------------------------------------------------------------------------------------------------------------------------------
- bool wallet_rpc_server::handle_command_line(const boost::program_options::variables_map& vm)
- {
- m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
- m_port = command_line::get_arg(vm, arg_rpc_bind_port);
- m_user_agent = command_line::get_arg(vm, arg_user_agent);
- return true;
- }
- //------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::init(const boost::program_options::variables_map& vm)
{
+ std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
+ if (!bind_ip.empty())
+ {
+ // always parse IP here for error consistency
+ boost::system::error_code ec{};
+ const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec);
+ if (ec)
+ {
+ LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument"));
+ return false;
+ }
+
+ if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind))
+ {
+ LOG_ERROR(
+ tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind")
+ );
+ return false;
+ }
+ }
+
m_net_server.set_threads_prefix("RPC");
- bool r = handle_command_line(vm);
- CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
- return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
+ return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(
+ command_line::get_arg(vm, arg_rpc_bind_port),
+ std::move(bind_ip),
+ command_line::get_arg(vm, arg_user_agent)
+ );
}
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_getbalance(const wallet_rpc::COMMAND_RPC_GET_BALANCE::request& req, wallet_rpc::COMMAND_RPC_GET_BALANCE::response& res, epee::json_rpc::error& er)
@@ -1115,6 +1133,7 @@ int main(int argc, char** argv) {
command_line::add_arg(desc_params, arg_rpc_bind_ip);
command_line::add_arg(desc_params, arg_rpc_bind_port);
command_line::add_arg(desc_params, arg_user_agent);
+ command_line::add_arg(desc_params, arg_confirm_external_bind);
command_line::add_arg(desc_params, arg_wallet_file);
command_line::add_arg(desc_params, arg_from_json);
diff --git a/src/wallet/wallet_rpc_server.h b/src/wallet/wallet_rpc_server.h
index 7d6f94e56..96ca1af04 100644
--- a/src/wallet/wallet_rpc_server.h
+++ b/src/wallet/wallet_rpc_server.h
@@ -118,9 +118,6 @@ namespace tools
bool on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er);
wallet2& m_wallet;
- std::string m_port;
- std::string m_bind_ip;
- std::string m_user_agent;
std::atomic<bool> m_stop;
};
}