From 18462aa065d8008f554466143ad48332f7e89cd9 Mon Sep 17 00:00:00 2001 From: Lee Clagett Date: Mon, 28 Nov 2016 18:39:59 -0500 Subject: Added confirmation before binding wallet-rpc to external IP --- src/wallet/wallet_rpc_server.cpp | 41 +++++++++++++++++++++++++++++----------- src/wallet/wallet_rpc_server.h | 3 --- 2 files changed, 30 insertions(+), 14 deletions(-) (limited to 'src/wallet') diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp index 5352b0b73..7c08bbe4b 100644 --- a/src/wallet/wallet_rpc_server.cpp +++ b/src/wallet/wallet_rpc_server.cpp @@ -27,6 +27,7 @@ // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers +#include #include #include "include_base_utils.h" using namespace epee; @@ -47,6 +48,8 @@ namespace const command_line::arg_descriptor arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"}; const command_line::arg_descriptor arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"}; const command_line::arg_descriptor arg_user_agent = {"user-agent", "Restrict RPC to clients using this user agent", ""}; + + const command_line::arg_descriptor arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"}; } namespace tools @@ -84,20 +87,35 @@ namespace tools return epee::http_server_impl_base::run(1, true); } //------------------------------------------------------------------------------------------------------------------------------ - bool wallet_rpc_server::handle_command_line(const boost::program_options::variables_map& vm) - { - m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip); - m_port = command_line::get_arg(vm, arg_rpc_bind_port); - m_user_agent = command_line::get_arg(vm, arg_user_agent); - return true; - } - //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::init(const boost::program_options::variables_map& vm) { + std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip); + if (!bind_ip.empty()) + { + // always parse IP here for error consistency + boost::system::error_code ec{}; + const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec); + if (ec) + { + LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument")); + return false; + } + + if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind)) + { + LOG_ERROR( + tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind") + ); + return false; + } + } + m_net_server.set_threads_prefix("RPC"); - bool r = handle_command_line(vm); - CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server"); - return epee::http_server_impl_base::init(m_port, m_bind_ip, m_user_agent); + return epee::http_server_impl_base::init( + command_line::get_arg(vm, arg_rpc_bind_port), + std::move(bind_ip), + command_line::get_arg(vm, arg_user_agent) + ); } //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_getbalance(const wallet_rpc::COMMAND_RPC_GET_BALANCE::request& req, wallet_rpc::COMMAND_RPC_GET_BALANCE::response& res, epee::json_rpc::error& er) @@ -1115,6 +1133,7 @@ int main(int argc, char** argv) { command_line::add_arg(desc_params, arg_rpc_bind_ip); command_line::add_arg(desc_params, arg_rpc_bind_port); command_line::add_arg(desc_params, arg_user_agent); + command_line::add_arg(desc_params, arg_confirm_external_bind); command_line::add_arg(desc_params, arg_wallet_file); command_line::add_arg(desc_params, arg_from_json); diff --git a/src/wallet/wallet_rpc_server.h b/src/wallet/wallet_rpc_server.h index 7d6f94e56..96ca1af04 100644 --- a/src/wallet/wallet_rpc_server.h +++ b/src/wallet/wallet_rpc_server.h @@ -118,9 +118,6 @@ namespace tools bool on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er); wallet2& m_wallet; - std::string m_port; - std::string m_bind_ip; - std::string m_user_agent; std::atomic m_stop; }; } -- cgit v1.2.3