aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2016-09-07 21:38:41 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2016-09-18 20:32:02 +0100
commiteeb2bbc0fcc9c5afa2c3aa12915b4d3f31115e56 (patch)
treec55799576b49814203891a6688ec2dbdf86b7bcf /src
parentMerge pull request #1099 (diff)
downloadmonero-eeb2bbc0fcc9c5afa2c3aa12915b4d3f31115e56.tar.xz
epee: optionally restrict HTTP service to a configurable user agent
This is intended to catch traffic coming from a web browser, so we avoid issues with a web page sending a transfer RPC to the wallet. Requiring a particular user agent can act as a simple password scheme, while we wait for 0MQ and proper authentication to be merged.
Diffstat (limited to 'src')
-rw-r--r--src/common/command_line.cpp1
-rw-r--r--src/common/command_line.h1
-rw-r--r--src/daemon/command_parser_executor.cpp3
-rw-r--r--src/daemon/command_parser_executor.h1
-rw-r--r--src/daemon/command_server.cpp3
-rw-r--r--src/daemon/command_server.h1
-rw-r--r--src/daemon/daemon.cpp2
-rw-r--r--src/daemon/main.cpp3
-rw-r--r--src/daemon/rpc_command_executor.cpp1
-rw-r--r--src/daemon/rpc_command_executor.h1
-rw-r--r--src/rpc/core_rpc_server.cpp10
-rw-r--r--src/rpc/core_rpc_server.h1
-rw-r--r--src/wallet/wallet_rpc_server.cpp5
-rw-r--r--src/wallet/wallet_rpc_server.h2
14 files changed, 29 insertions, 6 deletions
diff --git a/src/common/command_line.cpp b/src/common/command_line.cpp
index 90db3b04d..fc096abe5 100644
--- a/src/common/command_line.cpp
+++ b/src/common/command_line.cpp
@@ -48,6 +48,7 @@ namespace command_line
const arg_descriptor<bool> arg_version = {"version", "Output version information"};
const arg_descriptor<std::string> arg_data_dir = {"data-dir", "Specify data directory"};
const arg_descriptor<std::string> arg_testnet_data_dir = {"testnet-data-dir", "Specify testnet data directory"};
+ const arg_descriptor<std::string> arg_user_agent = {"user-agent", "Restrict RPC use to clients using this user agent"};
const arg_descriptor<bool> arg_test_drop_download = {"test-drop-download", "For net tests: in download, discard ALL blocks instead checking/saving them (very fast)"};
const arg_descriptor<uint64_t> arg_test_drop_download_height = {"test-drop-download-height", "Like test-drop-download but disards only after around certain height", 0};
const arg_descriptor<int> arg_test_dbg_lock_sleep = {"test-dbg-lock-sleep", "Sleep time in ms, defaults to 0 (off), used to debug before/after locking mutex. Values 100 to 1000 are good for tests."};
diff --git a/src/common/command_line.h b/src/common/command_line.h
index 75dc4b9fd..731b8b0bb 100644
--- a/src/common/command_line.h
+++ b/src/common/command_line.h
@@ -204,6 +204,7 @@ namespace command_line
extern const arg_descriptor<bool> arg_version;
extern const arg_descriptor<std::string> arg_data_dir;
extern const arg_descriptor<std::string> arg_testnet_data_dir;
+ extern const arg_descriptor<std::string> arg_user_agent;
extern const arg_descriptor<bool> arg_test_drop_download;
extern const arg_descriptor<uint64_t> arg_test_drop_download_height;
extern const arg_descriptor<int> arg_test_dbg_lock_sleep;
diff --git a/src/daemon/command_parser_executor.cpp b/src/daemon/command_parser_executor.cpp
index 00ea6ef6c..83892c661 100644
--- a/src/daemon/command_parser_executor.cpp
+++ b/src/daemon/command_parser_executor.cpp
@@ -34,10 +34,11 @@ namespace daemonize {
t_command_parser_executor::t_command_parser_executor(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
- : m_executor(ip, port, is_rpc, rpc_server)
+ : m_executor(ip, port, user_agent, is_rpc, rpc_server)
{}
bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args)
diff --git a/src/daemon/command_parser_executor.h b/src/daemon/command_parser_executor.h
index 11df92a5e..e59f51cdb 100644
--- a/src/daemon/command_parser_executor.h
+++ b/src/daemon/command_parser_executor.h
@@ -49,6 +49,7 @@ public:
t_command_parser_executor(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/daemon/command_server.cpp b/src/daemon/command_server.cpp
index ce8ac44fc..2c3c54841 100644
--- a/src/daemon/command_server.cpp
+++ b/src/daemon/command_server.cpp
@@ -37,10 +37,11 @@ namespace p = std::placeholders;
t_command_server::t_command_server(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
- : m_parser(ip, port, is_rpc, rpc_server)
+ : m_parser(ip, port, user_agent, is_rpc, rpc_server)
, m_command_lookup()
, m_is_rpc(is_rpc)
{
diff --git a/src/daemon/command_server.h b/src/daemon/command_server.h
index d7022e135..fb1702aae 100644
--- a/src/daemon/command_server.h
+++ b/src/daemon/command_server.h
@@ -54,6 +54,7 @@ public:
t_command_server(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/daemon/daemon.cpp b/src/daemon/daemon.cpp
index e79823d08..74875bfb0 100644
--- a/src/daemon/daemon.cpp
+++ b/src/daemon/daemon.cpp
@@ -124,7 +124,7 @@ bool t_daemon::run(bool interactive)
if (interactive)
{
- rpc_commands = new daemonize::t_command_server(0, 0, false, mp_internals->rpc.get_server());
+ rpc_commands = new daemonize::t_command_server(0, 0, "", false, mp_internals->rpc.get_server());
rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this));
}
diff --git a/src/daemon/main.cpp b/src/daemon/main.cpp
index 93027a5d6..0895e1bf1 100644
--- a/src/daemon/main.cpp
+++ b/src/daemon/main.cpp
@@ -208,6 +208,7 @@ int main(int argc, char const * argv[])
{
rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port);
}
+ auto user_agent = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_user_agent);
uint32_t rpc_ip;
uint16_t rpc_port;
@@ -222,7 +223,7 @@ int main(int argc, char const * argv[])
return 1;
}
- daemonize::t_command_server rpc_commands{rpc_ip, rpc_port};
+ daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, user_agent};
if (rpc_commands.process_command_vec(command))
{
return 0;
diff --git a/src/daemon/rpc_command_executor.cpp b/src/daemon/rpc_command_executor.cpp
index b43e01e1f..ad6041fca 100644
--- a/src/daemon/rpc_command_executor.cpp
+++ b/src/daemon/rpc_command_executor.cpp
@@ -92,6 +92,7 @@ namespace {
t_rpc_command_executor::t_rpc_command_executor(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
diff --git a/src/daemon/rpc_command_executor.h b/src/daemon/rpc_command_executor.h
index 7e73e7faf..afb2b5f36 100644
--- a/src/daemon/rpc_command_executor.h
+++ b/src/daemon/rpc_command_executor.h
@@ -57,6 +57,7 @@ public:
t_rpc_command_executor(
uint32_t ip
, uint16_t port
+ , const std::string &user_agent
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index 5aa3591ab..f6431a018 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -54,6 +54,7 @@ namespace cryptonote
command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_testnet_rpc_bind_port);
command_line::add_arg(desc, arg_restricted_rpc);
+ command_line::add_arg(desc, arg_user_agent);
}
//------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server(
@@ -81,11 +82,12 @@ namespace cryptonote
)
{
m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
+ std::string m_user_agent = command_line::get_arg(vm, command_line::arg_user_agent);
m_net_server.set_threads_prefix("RPC");
bool r = handle_command_line(vm);
CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
- return epee::http_server_impl_base<core_rpc_server, connection_context>::init(m_port, m_bind_ip);
+ return epee::http_server_impl_base<core_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
}
//------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::check_core_busy()
@@ -1277,4 +1279,10 @@ namespace cryptonote
, false
};
+ const command_line::arg_descriptor<std::string> core_rpc_server::arg_user_agent = {
+ "user-agent"
+ , "Restrict RPC to clients using this user agent"
+ , ""
+ };
+
} // namespace cryptonote
diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h
index 9fcf3abf8..9885aa0ff 100644
--- a/src/rpc/core_rpc_server.h
+++ b/src/rpc/core_rpc_server.h
@@ -56,6 +56,7 @@ namespace cryptonote
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
static const command_line::arg_descriptor<bool> arg_restricted_rpc;
+ static const command_line::arg_descriptor<std::string> arg_user_agent;
typedef epee::net_utils::connection_context_base connection_context;
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 1816ae801..faa40e166 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -45,11 +45,13 @@ namespace tools
//-----------------------------------------------------------------------------------
const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_rpc_bind_port = {"rpc-bind-port", "Starts wallet as rpc server for wallet operations, sets bind port for server", "", true};
const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"};
+ const command_line::arg_descriptor<std::string> wallet_rpc_server::arg_user_agent = {"user-agent", "Restrict RPC to clients using this user agent", ""};
void wallet_rpc_server::init_options(boost::program_options::options_description& desc)
{
command_line::add_arg(desc, arg_rpc_bind_ip);
command_line::add_arg(desc, arg_rpc_bind_port);
+ command_line::add_arg(desc, arg_user_agent);
}
//------------------------------------------------------------------------------------------------------------------------------
wallet_rpc_server::wallet_rpc_server(wallet2& w):m_wallet(w)
@@ -83,6 +85,7 @@ namespace tools
{
m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
m_port = command_line::get_arg(vm, arg_rpc_bind_port);
+ m_user_agent = command_line::get_arg(vm, arg_user_agent);
return true;
}
//------------------------------------------------------------------------------------------------------------------------------
@@ -91,7 +94,7 @@ namespace tools
m_net_server.set_threads_prefix("RPC");
bool r = handle_command_line(vm);
CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server");
- return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(m_port, m_bind_ip);
+ return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
}
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_getbalance(const wallet_rpc::COMMAND_RPC_GET_BALANCE::request& req, wallet_rpc::COMMAND_RPC_GET_BALANCE::response& res, epee::json_rpc::error& er)
diff --git a/src/wallet/wallet_rpc_server.h b/src/wallet/wallet_rpc_server.h
index c2532948f..b3e95c18a 100644
--- a/src/wallet/wallet_rpc_server.h
+++ b/src/wallet/wallet_rpc_server.h
@@ -50,6 +50,7 @@ namespace tools
const static command_line::arg_descriptor<std::string> arg_rpc_bind_port;
const static command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
+ const static command_line::arg_descriptor<std::string> arg_user_agent;
static void init_options(boost::program_options::options_description& desc);
@@ -120,6 +121,7 @@ namespace tools
wallet2& m_wallet;
std::string m_port;
std::string m_bind_ip;
+ std::string m_user_agent;
std::atomic<bool> m_stop;
};
}