diff options
Diffstat (limited to 'src/rpc')
-rw-r--r-- | src/rpc/core_rpc_server.cpp | 62 | ||||
-rw-r--r-- | src/rpc/core_rpc_server_error_codes.h | 2 | ||||
-rw-r--r-- | src/rpc/rpc_args.cpp | 4 | ||||
-rw-r--r-- | src/rpc/rpc_payment.cpp | 14 | ||||
-rw-r--r-- | src/rpc/rpc_payment.h | 2 |
5 files changed, 68 insertions, 16 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp index b968801be..bc561abc4 100644 --- a/src/rpc/core_rpc_server.cpp +++ b/src/rpc/core_rpc_server.cpp @@ -68,6 +68,11 @@ using namespace epee; #define DEFAULT_PAYMENT_DIFFICULTY 1000 #define DEFAULT_PAYMENT_CREDITS_PER_HASH 100 +#define RESTRICTED_BLOCK_HEADER_RANGE 1000 +#define RESTRICTED_TRANSACTIONS_COUNT 100 +#define RESTRICTED_SPENT_KEY_IMAGES_COUNT 5000 +#define RESTRICTED_BLOCK_COUNT 1000 + #define RPC_TRACKER(rpc) \ PERF_TIMER(rpc); \ RPCTracker tracker(#rpc, PERF_TIMER_NAME(rpc)) @@ -265,25 +270,25 @@ namespace cryptonote { if (!m_restricted && nettype() != FAKECHAIN) { - MERROR("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment"); + MFATAL("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment"); return false; } cryptonote::address_parse_info info; if (!get_account_address_from_str(info, nettype(), address)) { - MERROR("Invalid payment address: " << address); + MFATAL("Invalid payment address: " << address); return false; } if (info.is_subaddress) { - MERROR("Payment address may not be a subaddress: " << address); + MFATAL("Payment address may not be a subaddress: " << address); return false; } uint64_t diff = command_line::get_arg(vm, arg_rpc_payment_difficulty); uint64_t credits = command_line::get_arg(vm, arg_rpc_payment_credits); if (diff == 0 || credits == 0) { - MERROR("Payments difficulty and/or payments credits are 0, but a payment address was given"); + MFATAL("Payments difficulty and/or payments credits are 0, but a payment address was given"); return false; } m_rpc_payment_allow_free_loopback = command_line::get_arg(vm, arg_rpc_payment_allow_free_loopback); @@ -303,7 +308,7 @@ namespace cryptonote if (!set_bootstrap_daemon(command_line::get_arg(vm, arg_bootstrap_daemon_address), command_line::get_arg(vm, arg_bootstrap_daemon_login))) { - MERROR("Failed to parse bootstrap daemon address"); + MFATAL("Failed to parse bootstrap daemon address"); return false; } @@ -639,6 +644,13 @@ namespace cryptonote if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_BLOCKS_BY_HEIGHT>(invoke_http_mode::BIN, "/getblocks_by_height.bin", req, res, r)) return r; + const bool restricted = m_restricted && ctx; + if (restricted && req.heights.size() > RESTRICTED_BLOCK_COUNT) + { + res.status = "Too many blocks requested in restricted mode"; + return true; + } + res.status = "Failed"; res.blocks.clear(); res.blocks.reserve(req.heights.size()); @@ -793,11 +805,17 @@ namespace cryptonote if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_TRANSACTIONS>(invoke_http_mode::JON, "/gettransactions", req, res, ok)) return ok; - CHECK_PAYMENT_MIN1(req, res, req.txs_hashes.size() * COST_PER_TX, false); - const bool restricted = m_restricted && ctx; const bool request_has_rpc_origin = ctx != NULL; + if (restricted && req.txs_hashes.size() > RESTRICTED_TRANSACTIONS_COUNT) + { + res.status = "Too many transactions requested in restricted mode"; + return true; + } + + CHECK_PAYMENT_MIN1(req, res, req.txs_hashes.size() * COST_PER_TX, false); + std::vector<crypto::hash> vh; for(const auto& tx_hex_str: req.txs_hashes) { @@ -1027,11 +1045,17 @@ namespace cryptonote if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_IS_KEY_IMAGE_SPENT>(invoke_http_mode::JON, "/is_key_image_spent", req, res, ok)) return ok; - CHECK_PAYMENT_MIN1(req, res, req.key_images.size() * COST_PER_KEY_IMAGE, false); - const bool restricted = m_restricted && ctx; const bool request_has_rpc_origin = ctx != NULL; + if (restricted && req.key_images.size() > RESTRICTED_SPENT_KEY_IMAGES_COUNT) + { + res.status = "Too many key images queried in restricted mode"; + return true; + } + + CHECK_PAYMENT_MIN1(req, res, req.key_images.size() * COST_PER_KEY_IMAGE, false); + std::vector<crypto::key_image> key_images; for(const auto& ki_hex_str: req.key_images) { @@ -2034,6 +2058,14 @@ namespace cryptonote CHECK_PAYMENT_MIN1(req, res, COST_PER_BLOCK_HEADER, false); + const bool restricted = m_restricted && ctx; + if (restricted && req.hashes.size() > RESTRICTED_BLOCK_COUNT) + { + error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED; + error_resp.message = "Too many block headers requested in restricted mode"; + return false; + } + auto get = [this](const std::string &hash, bool fill_pow_hash, block_header_response &block_header, bool restricted, epee::json_rpc::error& error_resp) -> bool { crypto::hash block_hash; bool hash_parsed = parse_hash256(hash, block_hash); @@ -2069,7 +2101,6 @@ namespace cryptonote return true; }; - const bool restricted = m_restricted && ctx; if (!req.hash.empty()) { if (!get(req.hash, req.fill_pow_hash, res.block_header, restricted, error_resp)) @@ -2101,6 +2132,14 @@ namespace cryptonote error_resp.message = "Invalid start/end heights."; return false; } + const bool restricted = m_restricted && ctx; + if (restricted && req.end_height - req.start_height > RESTRICTED_BLOCK_HEADER_RANGE) + { + error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED; + error_resp.message = "Too many block headers requested."; + return false; + } + CHECK_PAYMENT_MIN1(req, res, (req.end_height - req.start_height + 1) * COST_PER_BLOCK_HEADER, false); for (uint64_t h = req.start_height; h <= req.end_height; ++h) { @@ -2127,7 +2166,6 @@ namespace cryptonote return false; } res.headers.push_back(block_header_response()); - const bool restricted = m_restricted && ctx; bool response_filled = fill_block_header_response(blk, false, block_height, block_hash, res.headers.back(), req.fill_pow_hash && !restricted); if (!response_filled) { @@ -2778,7 +2816,7 @@ namespace cryptonote crypto::hash txid = *reinterpret_cast<const crypto::hash*>(txid_data.data()); cryptonote::blobdata txblob; - if (!m_core.get_pool_transaction(txid, txblob, relay_category::legacy)) + if (m_core.get_pool_transaction(txid, txblob, relay_category::legacy)) { NOTIFY_NEW_TRANSACTIONS::request r; r.txs.push_back(std::move(txblob)); diff --git a/src/rpc/core_rpc_server_error_codes.h b/src/rpc/core_rpc_server_error_codes.h index 8ea8bd649..1458049ab 100644 --- a/src/rpc/core_rpc_server_error_codes.h +++ b/src/rpc/core_rpc_server_error_codes.h @@ -48,6 +48,7 @@ #define CORE_RPC_ERROR_CODE_PAYMENT_TOO_LOW -16 #define CORE_RPC_ERROR_CODE_DUPLICATE_PAYMENT -17 #define CORE_RPC_ERROR_CODE_STALE_PAYMENT -18 +#define CORE_RPC_ERROR_CODE_RESTRICTED -19 static inline const char *get_rpc_server_error_message(int64_t code) { @@ -70,6 +71,7 @@ static inline const char *get_rpc_server_error_message(int64_t code) case CORE_RPC_ERROR_CODE_PAYMENT_TOO_LOW: return "Payment too low"; case CORE_RPC_ERROR_CODE_DUPLICATE_PAYMENT: return "Duplicate payment"; case CORE_RPC_ERROR_CODE_STALE_PAYMENT: return "Stale payment"; + case CORE_RPC_ERROR_CODE_RESTRICTED: return "Parameters beyond restricted allowance"; default: MERROR("Unknown error: " << code); return "Unknown error"; } } diff --git a/src/rpc/rpc_args.cpp b/src/rpc/rpc_args.cpp index 9153e76ea..8601bd0b4 100644 --- a/src/rpc/rpc_args.cpp +++ b/src/rpc/rpc_args.cpp @@ -30,7 +30,7 @@ #include <boost/algorithm/string.hpp> #include <boost/asio/ip/address.hpp> -#include <boost/bind.hpp> +#include <functional> #include "common/command_line.h" #include "common/i18n.h" #include "hex.h" @@ -221,7 +221,7 @@ namespace cryptonote std::vector<std::string> access_control_origins; boost::split(access_control_origins, access_control_origins_input, boost::is_any_of(",")); - std::for_each(access_control_origins.begin(), access_control_origins.end(), boost::bind(&boost::trim<std::string>, _1, std::locale::classic())); + std::for_each(access_control_origins.begin(), access_control_origins.end(), std::bind(&boost::trim<std::string>, std::placeholders::_1, std::locale::classic())); config.access_control_origins = std::move(access_control_origins); } diff --git a/src/rpc/rpc_payment.cpp b/src/rpc/rpc_payment.cpp index 49bf6ba58..edc8f0dda 100644 --- a/src/rpc/rpc_payment.cpp +++ b/src/rpc/rpc_payment.cpp @@ -92,6 +92,7 @@ namespace cryptonote uint64_t rpc_payment::balance(const crypto::public_key &client, int64_t delta) { + boost::lock_guard<boost::mutex> lock(mutex); client_info &info = m_client_info[client]; // creates if not found uint64_t credits = info.credits; if (delta > 0 && credits > std::numeric_limits<uint64_t>::max() - delta) @@ -107,6 +108,7 @@ namespace cryptonote bool rpc_payment::pay(const crypto::public_key &client, uint64_t ts, uint64_t payment, const std::string &rpc, bool same_ts, uint64_t &credits) { + boost::lock_guard<boost::mutex> lock(mutex); client_info &info = m_client_info[client]; // creates if not found if (ts < info.last_request_timestamp || (ts == info.last_request_timestamp && !same_ts)) { @@ -130,6 +132,7 @@ namespace cryptonote bool rpc_payment::get_info(const crypto::public_key &client, const std::function<bool(const cryptonote::blobdata&, cryptonote::block&, uint64_t &seed_height, crypto::hash &seed_hash)> &get_block_template, cryptonote::blobdata &hashing_blob, uint64_t &seed_height, crypto::hash &seed_hash, const crypto::hash &top, uint64_t &diff, uint64_t &credits_per_hash_found, uint64_t &credits, uint32_t &cookie) { + boost::lock_guard<boost::mutex> lock(mutex); client_info &info = m_client_info[client]; // creates if not found const uint64_t now = time(NULL); bool need_template = top != info.top || now >= info.block_template_update_time + STALE_THRESHOLD; @@ -180,6 +183,7 @@ namespace cryptonote bool rpc_payment::submit_nonce(const crypto::public_key &client, uint32_t nonce, const crypto::hash &top, int64_t &error_code, std::string &error_message, uint64_t &credits, crypto::hash &hash, cryptonote::block &block, uint32_t cookie, bool &stale) { + boost::lock_guard<boost::mutex> lock(mutex); client_info &info = m_client_info[client]; // creates if not found if (cookie != info.cookie && cookie != info.cookie - 1) { @@ -272,6 +276,7 @@ namespace cryptonote bool rpc_payment::foreach(const std::function<bool(const crypto::public_key &client, const client_info &info)> &f) const { + boost::lock_guard<boost::mutex> lock(mutex); for (std::unordered_map<crypto::public_key, client_info>::const_iterator i = m_client_info.begin(); i != m_client_info.end(); ++i) { if (!f(i->first, i->second)) @@ -283,8 +288,9 @@ namespace cryptonote bool rpc_payment::load(std::string directory) { TRY_ENTRY(); + boost::lock_guard<boost::mutex> lock(mutex); m_directory = std::move(directory); - std::string state_file_path = directory + "/" + RPC_PAYMENTS_DATA_FILENAME; + std::string state_file_path = m_directory + "/" + RPC_PAYMENTS_DATA_FILENAME; MINFO("loading rpc payments data from " << state_file_path); std::ifstream data; data.open(state_file_path, std::ios_base::binary | std::ios_base::in); @@ -313,6 +319,7 @@ namespace cryptonote bool rpc_payment::store(const std::string &directory_) const { TRY_ENTRY(); + boost::lock_guard<boost::mutex> lock(mutex); const std::string &directory = directory_.empty() ? m_directory : directory_; MDEBUG("storing rpc payments data to " << directory); if (!tools::create_directories_if_necessary(directory)) @@ -345,6 +352,7 @@ namespace cryptonote unsigned int rpc_payment::flush_by_age(time_t seconds) { + boost::lock_guard<boost::mutex> lock(mutex); unsigned int count = 0; const time_t now = time(NULL); time_t seconds0 = seconds; @@ -358,7 +366,7 @@ namespace cryptonote for (std::unordered_map<crypto::public_key, client_info>::iterator i = m_client_info.begin(); i != m_client_info.end(); ) { std::unordered_map<crypto::public_key, client_info>::iterator j = i++; - const time_t t = std::max(j->second.last_request_timestamp, j->second.update_time); + const time_t t = std::max(j->second.last_request_timestamp / 1000000, j->second.update_time); const bool erase = t < ((j->second.credits == 0) ? threshold0 : threshold); if (erase) { @@ -372,6 +380,7 @@ namespace cryptonote uint64_t rpc_payment::get_hashes(unsigned int seconds) const { + boost::lock_guard<boost::mutex> lock(mutex); const uint64_t now = time(NULL); uint64_t hashes = 0; for (std::map<uint64_t, uint64_t>::const_reverse_iterator i = m_hashrate.crbegin(); i != m_hashrate.crend(); ++i) @@ -385,6 +394,7 @@ namespace cryptonote void rpc_payment::prune_hashrate(unsigned int seconds) { + boost::lock_guard<boost::mutex> lock(mutex); const uint64_t now = time(NULL); std::map<uint64_t, uint64_t>::iterator i; for (i = m_hashrate.begin(); i != m_hashrate.end(); ++i) diff --git a/src/rpc/rpc_payment.h b/src/rpc/rpc_payment.h index 8594cffcf..dcd43f8d5 100644 --- a/src/rpc/rpc_payment.h +++ b/src/rpc/rpc_payment.h @@ -31,6 +31,7 @@ #include <string> #include <unordered_set> #include <unordered_map> +#include <boost/thread/mutex.hpp> #include <boost/serialization/version.hpp> #include "cryptonote_basic/blobdatatype.h" #include "cryptonote_basic/cryptonote_basic.h" @@ -139,6 +140,7 @@ namespace cryptonote uint64_t m_nonces_stale; uint64_t m_nonces_bad; uint64_t m_nonces_dupe; + mutable boost::mutex mutex; }; } |