diff options
-rw-r--r-- | src/simplewallet/simplewallet.cpp | 5 | ||||
-rw-r--r-- | src/wallet/wallet2.h | 4 | ||||
-rw-r--r-- | src/wallet/wallet_rpc_server.cpp | 28 | ||||
-rw-r--r-- | src/wallet/wallet_rpc_server_error_codes.h | 1 |
4 files changed, 36 insertions, 2 deletions
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 6f3874981..ae61871dc 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -81,6 +81,7 @@ namespace const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0}; const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true}; const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false}; + const command_line::arg_descriptor<bool> arg_restricted = {"restricted-rpc", "Restricts RPC to view only commands", false}; const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""}; @@ -1336,6 +1337,7 @@ int main(int argc, char* argv[]) command_line::add_arg(desc_params, arg_non_deterministic ); command_line::add_arg(desc_params, arg_electrum_seed ); command_line::add_arg(desc_params, arg_testnet); + command_line::add_arg(desc_params, arg_restricted); tools::wallet_rpc_server::init_options(desc_params); po::positional_options_description positional_options; @@ -1406,6 +1408,7 @@ int main(int argc, char* argv[]) } bool testnet = command_line::get_arg(vm, arg_testnet); + bool restricted = command_line::get_arg(vm, arg_restricted); std::string wallet_file = command_line::get_arg(vm, arg_wallet_file); std::string wallet_password = command_line::get_arg(vm, arg_password); std::string daemon_address = command_line::get_arg(vm, arg_daemon_address); @@ -1418,7 +1421,7 @@ int main(int argc, char* argv[]) if (daemon_address.empty()) daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port); - tools::wallet2 wal(testnet); + tools::wallet2 wal(testnet,restricted); try { LOG_PRINT_L0("Loading wallet..."); diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 073fff58b..314d8f4af 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -82,7 +82,7 @@ namespace tools { wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {}; public: - wallet2(bool testnet = false) : m_run(true), m_callback(0), m_testnet(testnet), is_old_file_format(false) {}; + wallet2(bool testnet = false, bool restricted = false) : m_run(true), m_callback(0), m_testnet(testnet), m_restricted(restricted), is_old_file_format(false) {}; struct transfer_details { uint64_t m_block_height; @@ -196,6 +196,7 @@ namespace tools bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok); bool testnet() { return m_testnet; } + bool restricted() const { return m_restricted; } uint64_t balance(); uint64_t unlocked_balance(); @@ -296,6 +297,7 @@ namespace tools i_wallet2_callback* m_callback; bool m_testnet; + bool m_restricted; std::string seed_language; /*!< Language of the mnemonics (seed). */ bool is_old_file_format; /*!< Whether the wallet file is of an old file format */ }; diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index d7b3f8434..be20f05de 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -167,6 +167,13 @@ namespace tools std::vector<cryptonote::tx_destination_entry> dsts; std::vector<uint8_t> extra; + if (m_wallet.restricted()) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + // validate the transfer requested and populate dsts & extra if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er)) { @@ -218,6 +225,13 @@ namespace tools std::vector<cryptonote::tx_destination_entry> dsts; std::vector<uint8_t> extra; + if (m_wallet.restricted()) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + // validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types. if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er)) { @@ -261,6 +275,13 @@ namespace tools //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx) { + if (m_wallet.restricted()) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + try { m_wallet.store(); @@ -409,6 +430,13 @@ namespace tools //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx) { + if (m_wallet.restricted()) + { + er.code = WALLET_RPC_ERROR_CODE_DENIED; + er.message = "Command unavailable in restricted mode."; + return false; + } + if (req.key_type.compare("mnemonic") == 0) { if (!m_wallet.get_seed(res.key)) diff --git a/src/wallet/wallet_rpc_server_error_codes.h b/src/wallet/wallet_rpc_server_error_codes.h index 28df1acf2..28642c19d 100644 --- a/src/wallet/wallet_rpc_server_error_codes.h +++ b/src/wallet/wallet_rpc_server_error_codes.h @@ -37,3 +37,4 @@ #define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4 #define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5 #define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6 +#define WALLET_RPC_ERROR_CODE_DENIED -7 |