aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/simplewallet/simplewallet.cpp5
-rw-r--r--src/wallet/wallet2.h4
-rw-r--r--src/wallet/wallet_rpc_server.cpp28
-rw-r--r--src/wallet/wallet_rpc_server_error_codes.h1
4 files changed, 36 insertions, 2 deletions
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index 6f3874981..ae61871dc 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -81,6 +81,7 @@ namespace
const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0};
const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true};
const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false};
+ const command_line::arg_descriptor<bool> arg_restricted = {"restricted-rpc", "Restricts RPC to view only commands", false};
const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""};
@@ -1336,6 +1337,7 @@ int main(int argc, char* argv[])
command_line::add_arg(desc_params, arg_non_deterministic );
command_line::add_arg(desc_params, arg_electrum_seed );
command_line::add_arg(desc_params, arg_testnet);
+ command_line::add_arg(desc_params, arg_restricted);
tools::wallet_rpc_server::init_options(desc_params);
po::positional_options_description positional_options;
@@ -1406,6 +1408,7 @@ int main(int argc, char* argv[])
}
bool testnet = command_line::get_arg(vm, arg_testnet);
+ bool restricted = command_line::get_arg(vm, arg_restricted);
std::string wallet_file = command_line::get_arg(vm, arg_wallet_file);
std::string wallet_password = command_line::get_arg(vm, arg_password);
std::string daemon_address = command_line::get_arg(vm, arg_daemon_address);
@@ -1418,7 +1421,7 @@ int main(int argc, char* argv[])
if (daemon_address.empty())
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
- tools::wallet2 wal(testnet);
+ tools::wallet2 wal(testnet,restricted);
try
{
LOG_PRINT_L0("Loading wallet...");
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 073fff58b..314d8f4af 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -82,7 +82,7 @@ namespace tools
{
wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {};
public:
- wallet2(bool testnet = false) : m_run(true), m_callback(0), m_testnet(testnet), is_old_file_format(false) {};
+ wallet2(bool testnet = false, bool restricted = false) : m_run(true), m_callback(0), m_testnet(testnet), m_restricted(restricted), is_old_file_format(false) {};
struct transfer_details
{
uint64_t m_block_height;
@@ -196,6 +196,7 @@ namespace tools
bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok);
bool testnet() { return m_testnet; }
+ bool restricted() const { return m_restricted; }
uint64_t balance();
uint64_t unlocked_balance();
@@ -296,6 +297,7 @@ namespace tools
i_wallet2_callback* m_callback;
bool m_testnet;
+ bool m_restricted;
std::string seed_language; /*!< Language of the mnemonics (seed). */
bool is_old_file_format; /*!< Whether the wallet file is of an old file format */
};
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index d7b3f8434..be20f05de 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -167,6 +167,13 @@ namespace tools
std::vector<cryptonote::tx_destination_entry> dsts;
std::vector<uint8_t> extra;
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
// validate the transfer requested and populate dsts & extra
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
{
@@ -218,6 +225,13 @@ namespace tools
std::vector<cryptonote::tx_destination_entry> dsts;
std::vector<uint8_t> extra;
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
// validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types.
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
{
@@ -261,6 +275,13 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx)
{
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
try
{
m_wallet.store();
@@ -409,6 +430,13 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx)
{
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
if (req.key_type.compare("mnemonic") == 0)
{
if (!m_wallet.get_seed(res.key))
diff --git a/src/wallet/wallet_rpc_server_error_codes.h b/src/wallet/wallet_rpc_server_error_codes.h
index 28df1acf2..28642c19d 100644
--- a/src/wallet/wallet_rpc_server_error_codes.h
+++ b/src/wallet/wallet_rpc_server_error_codes.h
@@ -37,3 +37,4 @@
#define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4
#define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5
#define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6
+#define WALLET_RPC_ERROR_CODE_DENIED -7