aboutsummaryrefslogtreecommitdiff
path: root/src/rpc
diff options
context:
space:
mode:
Diffstat (limited to 'src/rpc')
-rw-r--r--src/rpc/core_rpc_server.cpp62
-rw-r--r--src/rpc/core_rpc_server_error_codes.h2
-rw-r--r--src/rpc/rpc_args.cpp4
-rw-r--r--src/rpc/rpc_payment.cpp14
-rw-r--r--src/rpc/rpc_payment.h2
5 files changed, 68 insertions, 16 deletions
diff --git a/src/rpc/core_rpc_server.cpp b/src/rpc/core_rpc_server.cpp
index b968801be..bc561abc4 100644
--- a/src/rpc/core_rpc_server.cpp
+++ b/src/rpc/core_rpc_server.cpp
@@ -68,6 +68,11 @@ using namespace epee;
#define DEFAULT_PAYMENT_DIFFICULTY 1000
#define DEFAULT_PAYMENT_CREDITS_PER_HASH 100
+#define RESTRICTED_BLOCK_HEADER_RANGE 1000
+#define RESTRICTED_TRANSACTIONS_COUNT 100
+#define RESTRICTED_SPENT_KEY_IMAGES_COUNT 5000
+#define RESTRICTED_BLOCK_COUNT 1000
+
#define RPC_TRACKER(rpc) \
PERF_TIMER(rpc); \
RPCTracker tracker(#rpc, PERF_TIMER_NAME(rpc))
@@ -265,25 +270,25 @@ namespace cryptonote
{
if (!m_restricted && nettype() != FAKECHAIN)
{
- MERROR("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment");
+ MFATAL("RPC payment enabled, but server is not restricted, anyone can adjust their balance to bypass payment");
return false;
}
cryptonote::address_parse_info info;
if (!get_account_address_from_str(info, nettype(), address))
{
- MERROR("Invalid payment address: " << address);
+ MFATAL("Invalid payment address: " << address);
return false;
}
if (info.is_subaddress)
{
- MERROR("Payment address may not be a subaddress: " << address);
+ MFATAL("Payment address may not be a subaddress: " << address);
return false;
}
uint64_t diff = command_line::get_arg(vm, arg_rpc_payment_difficulty);
uint64_t credits = command_line::get_arg(vm, arg_rpc_payment_credits);
if (diff == 0 || credits == 0)
{
- MERROR("Payments difficulty and/or payments credits are 0, but a payment address was given");
+ MFATAL("Payments difficulty and/or payments credits are 0, but a payment address was given");
return false;
}
m_rpc_payment_allow_free_loopback = command_line::get_arg(vm, arg_rpc_payment_allow_free_loopback);
@@ -303,7 +308,7 @@ namespace cryptonote
if (!set_bootstrap_daemon(command_line::get_arg(vm, arg_bootstrap_daemon_address),
command_line::get_arg(vm, arg_bootstrap_daemon_login)))
{
- MERROR("Failed to parse bootstrap daemon address");
+ MFATAL("Failed to parse bootstrap daemon address");
return false;
}
@@ -639,6 +644,13 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_BLOCKS_BY_HEIGHT>(invoke_http_mode::BIN, "/getblocks_by_height.bin", req, res, r))
return r;
+ const bool restricted = m_restricted && ctx;
+ if (restricted && req.heights.size() > RESTRICTED_BLOCK_COUNT)
+ {
+ res.status = "Too many blocks requested in restricted mode";
+ return true;
+ }
+
res.status = "Failed";
res.blocks.clear();
res.blocks.reserve(req.heights.size());
@@ -793,11 +805,17 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_GET_TRANSACTIONS>(invoke_http_mode::JON, "/gettransactions", req, res, ok))
return ok;
- CHECK_PAYMENT_MIN1(req, res, req.txs_hashes.size() * COST_PER_TX, false);
-
const bool restricted = m_restricted && ctx;
const bool request_has_rpc_origin = ctx != NULL;
+ if (restricted && req.txs_hashes.size() > RESTRICTED_TRANSACTIONS_COUNT)
+ {
+ res.status = "Too many transactions requested in restricted mode";
+ return true;
+ }
+
+ CHECK_PAYMENT_MIN1(req, res, req.txs_hashes.size() * COST_PER_TX, false);
+
std::vector<crypto::hash> vh;
for(const auto& tx_hex_str: req.txs_hashes)
{
@@ -1027,11 +1045,17 @@ namespace cryptonote
if (use_bootstrap_daemon_if_necessary<COMMAND_RPC_IS_KEY_IMAGE_SPENT>(invoke_http_mode::JON, "/is_key_image_spent", req, res, ok))
return ok;
- CHECK_PAYMENT_MIN1(req, res, req.key_images.size() * COST_PER_KEY_IMAGE, false);
-
const bool restricted = m_restricted && ctx;
const bool request_has_rpc_origin = ctx != NULL;
+ if (restricted && req.key_images.size() > RESTRICTED_SPENT_KEY_IMAGES_COUNT)
+ {
+ res.status = "Too many key images queried in restricted mode";
+ return true;
+ }
+
+ CHECK_PAYMENT_MIN1(req, res, req.key_images.size() * COST_PER_KEY_IMAGE, false);
+
std::vector<crypto::key_image> key_images;
for(const auto& ki_hex_str: req.key_images)
{
@@ -2034,6 +2058,14 @@ namespace cryptonote
CHECK_PAYMENT_MIN1(req, res, COST_PER_BLOCK_HEADER, false);
+ const bool restricted = m_restricted && ctx;
+ if (restricted && req.hashes.size() > RESTRICTED_BLOCK_COUNT)
+ {
+ error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED;
+ error_resp.message = "Too many block headers requested in restricted mode";
+ return false;
+ }
+
auto get = [this](const std::string &hash, bool fill_pow_hash, block_header_response &block_header, bool restricted, epee::json_rpc::error& error_resp) -> bool {
crypto::hash block_hash;
bool hash_parsed = parse_hash256(hash, block_hash);
@@ -2069,7 +2101,6 @@ namespace cryptonote
return true;
};
- const bool restricted = m_restricted && ctx;
if (!req.hash.empty())
{
if (!get(req.hash, req.fill_pow_hash, res.block_header, restricted, error_resp))
@@ -2101,6 +2132,14 @@ namespace cryptonote
error_resp.message = "Invalid start/end heights.";
return false;
}
+ const bool restricted = m_restricted && ctx;
+ if (restricted && req.end_height - req.start_height > RESTRICTED_BLOCK_HEADER_RANGE)
+ {
+ error_resp.code = CORE_RPC_ERROR_CODE_RESTRICTED;
+ error_resp.message = "Too many block headers requested.";
+ return false;
+ }
+
CHECK_PAYMENT_MIN1(req, res, (req.end_height - req.start_height + 1) * COST_PER_BLOCK_HEADER, false);
for (uint64_t h = req.start_height; h <= req.end_height; ++h)
{
@@ -2127,7 +2166,6 @@ namespace cryptonote
return false;
}
res.headers.push_back(block_header_response());
- const bool restricted = m_restricted && ctx;
bool response_filled = fill_block_header_response(blk, false, block_height, block_hash, res.headers.back(), req.fill_pow_hash && !restricted);
if (!response_filled)
{
@@ -2778,7 +2816,7 @@ namespace cryptonote
crypto::hash txid = *reinterpret_cast<const crypto::hash*>(txid_data.data());
cryptonote::blobdata txblob;
- if (!m_core.get_pool_transaction(txid, txblob, relay_category::legacy))
+ if (m_core.get_pool_transaction(txid, txblob, relay_category::legacy))
{
NOTIFY_NEW_TRANSACTIONS::request r;
r.txs.push_back(std::move(txblob));
diff --git a/src/rpc/core_rpc_server_error_codes.h b/src/rpc/core_rpc_server_error_codes.h
index 8ea8bd649..1458049ab 100644
--- a/src/rpc/core_rpc_server_error_codes.h
+++ b/src/rpc/core_rpc_server_error_codes.h
@@ -48,6 +48,7 @@
#define CORE_RPC_ERROR_CODE_PAYMENT_TOO_LOW -16
#define CORE_RPC_ERROR_CODE_DUPLICATE_PAYMENT -17
#define CORE_RPC_ERROR_CODE_STALE_PAYMENT -18
+#define CORE_RPC_ERROR_CODE_RESTRICTED -19
static inline const char *get_rpc_server_error_message(int64_t code)
{
@@ -70,6 +71,7 @@ static inline const char *get_rpc_server_error_message(int64_t code)
case CORE_RPC_ERROR_CODE_PAYMENT_TOO_LOW: return "Payment too low";
case CORE_RPC_ERROR_CODE_DUPLICATE_PAYMENT: return "Duplicate payment";
case CORE_RPC_ERROR_CODE_STALE_PAYMENT: return "Stale payment";
+ case CORE_RPC_ERROR_CODE_RESTRICTED: return "Parameters beyond restricted allowance";
default: MERROR("Unknown error: " << code); return "Unknown error";
}
}
diff --git a/src/rpc/rpc_args.cpp b/src/rpc/rpc_args.cpp
index 9153e76ea..8601bd0b4 100644
--- a/src/rpc/rpc_args.cpp
+++ b/src/rpc/rpc_args.cpp
@@ -30,7 +30,7 @@
#include <boost/algorithm/string.hpp>
#include <boost/asio/ip/address.hpp>
-#include <boost/bind.hpp>
+#include <functional>
#include "common/command_line.h"
#include "common/i18n.h"
#include "hex.h"
@@ -221,7 +221,7 @@ namespace cryptonote
std::vector<std::string> access_control_origins;
boost::split(access_control_origins, access_control_origins_input, boost::is_any_of(","));
- std::for_each(access_control_origins.begin(), access_control_origins.end(), boost::bind(&boost::trim<std::string>, _1, std::locale::classic()));
+ std::for_each(access_control_origins.begin(), access_control_origins.end(), std::bind(&boost::trim<std::string>, std::placeholders::_1, std::locale::classic()));
config.access_control_origins = std::move(access_control_origins);
}
diff --git a/src/rpc/rpc_payment.cpp b/src/rpc/rpc_payment.cpp
index 49bf6ba58..edc8f0dda 100644
--- a/src/rpc/rpc_payment.cpp
+++ b/src/rpc/rpc_payment.cpp
@@ -92,6 +92,7 @@ namespace cryptonote
uint64_t rpc_payment::balance(const crypto::public_key &client, int64_t delta)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
client_info &info = m_client_info[client]; // creates if not found
uint64_t credits = info.credits;
if (delta > 0 && credits > std::numeric_limits<uint64_t>::max() - delta)
@@ -107,6 +108,7 @@ namespace cryptonote
bool rpc_payment::pay(const crypto::public_key &client, uint64_t ts, uint64_t payment, const std::string &rpc, bool same_ts, uint64_t &credits)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
client_info &info = m_client_info[client]; // creates if not found
if (ts < info.last_request_timestamp || (ts == info.last_request_timestamp && !same_ts))
{
@@ -130,6 +132,7 @@ namespace cryptonote
bool rpc_payment::get_info(const crypto::public_key &client, const std::function<bool(const cryptonote::blobdata&, cryptonote::block&, uint64_t &seed_height, crypto::hash &seed_hash)> &get_block_template, cryptonote::blobdata &hashing_blob, uint64_t &seed_height, crypto::hash &seed_hash, const crypto::hash &top, uint64_t &diff, uint64_t &credits_per_hash_found, uint64_t &credits, uint32_t &cookie)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
client_info &info = m_client_info[client]; // creates if not found
const uint64_t now = time(NULL);
bool need_template = top != info.top || now >= info.block_template_update_time + STALE_THRESHOLD;
@@ -180,6 +183,7 @@ namespace cryptonote
bool rpc_payment::submit_nonce(const crypto::public_key &client, uint32_t nonce, const crypto::hash &top, int64_t &error_code, std::string &error_message, uint64_t &credits, crypto::hash &hash, cryptonote::block &block, uint32_t cookie, bool &stale)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
client_info &info = m_client_info[client]; // creates if not found
if (cookie != info.cookie && cookie != info.cookie - 1)
{
@@ -272,6 +276,7 @@ namespace cryptonote
bool rpc_payment::foreach(const std::function<bool(const crypto::public_key &client, const client_info &info)> &f) const
{
+ boost::lock_guard<boost::mutex> lock(mutex);
for (std::unordered_map<crypto::public_key, client_info>::const_iterator i = m_client_info.begin(); i != m_client_info.end(); ++i)
{
if (!f(i->first, i->second))
@@ -283,8 +288,9 @@ namespace cryptonote
bool rpc_payment::load(std::string directory)
{
TRY_ENTRY();
+ boost::lock_guard<boost::mutex> lock(mutex);
m_directory = std::move(directory);
- std::string state_file_path = directory + "/" + RPC_PAYMENTS_DATA_FILENAME;
+ std::string state_file_path = m_directory + "/" + RPC_PAYMENTS_DATA_FILENAME;
MINFO("loading rpc payments data from " << state_file_path);
std::ifstream data;
data.open(state_file_path, std::ios_base::binary | std::ios_base::in);
@@ -313,6 +319,7 @@ namespace cryptonote
bool rpc_payment::store(const std::string &directory_) const
{
TRY_ENTRY();
+ boost::lock_guard<boost::mutex> lock(mutex);
const std::string &directory = directory_.empty() ? m_directory : directory_;
MDEBUG("storing rpc payments data to " << directory);
if (!tools::create_directories_if_necessary(directory))
@@ -345,6 +352,7 @@ namespace cryptonote
unsigned int rpc_payment::flush_by_age(time_t seconds)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
unsigned int count = 0;
const time_t now = time(NULL);
time_t seconds0 = seconds;
@@ -358,7 +366,7 @@ namespace cryptonote
for (std::unordered_map<crypto::public_key, client_info>::iterator i = m_client_info.begin(); i != m_client_info.end(); )
{
std::unordered_map<crypto::public_key, client_info>::iterator j = i++;
- const time_t t = std::max(j->second.last_request_timestamp, j->second.update_time);
+ const time_t t = std::max(j->second.last_request_timestamp / 1000000, j->second.update_time);
const bool erase = t < ((j->second.credits == 0) ? threshold0 : threshold);
if (erase)
{
@@ -372,6 +380,7 @@ namespace cryptonote
uint64_t rpc_payment::get_hashes(unsigned int seconds) const
{
+ boost::lock_guard<boost::mutex> lock(mutex);
const uint64_t now = time(NULL);
uint64_t hashes = 0;
for (std::map<uint64_t, uint64_t>::const_reverse_iterator i = m_hashrate.crbegin(); i != m_hashrate.crend(); ++i)
@@ -385,6 +394,7 @@ namespace cryptonote
void rpc_payment::prune_hashrate(unsigned int seconds)
{
+ boost::lock_guard<boost::mutex> lock(mutex);
const uint64_t now = time(NULL);
std::map<uint64_t, uint64_t>::iterator i;
for (i = m_hashrate.begin(); i != m_hashrate.end(); ++i)
diff --git a/src/rpc/rpc_payment.h b/src/rpc/rpc_payment.h
index 8594cffcf..dcd43f8d5 100644
--- a/src/rpc/rpc_payment.h
+++ b/src/rpc/rpc_payment.h
@@ -31,6 +31,7 @@
#include <string>
#include <unordered_set>
#include <unordered_map>
+#include <boost/thread/mutex.hpp>
#include <boost/serialization/version.hpp>
#include "cryptonote_basic/blobdatatype.h"
#include "cryptonote_basic/cryptonote_basic.h"
@@ -139,6 +140,7 @@ namespace cryptonote
uint64_t m_nonces_stale;
uint64_t m_nonces_bad;
uint64_t m_nonces_dupe;
+ mutable boost::mutex mutex;
};
}