Add a --restricted-rpc flag to simplewallet

It restricts RPC to a subset of "view only" commands. Kind of like
a poor man's view key replacement.
This commit is contained in:
moneromooo-monero 2015-01-11 11:06:35 +00:00
parent 24ddfa792e
commit 24d500ce8e
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
4 changed files with 36 additions and 2 deletions

View file

@ -81,6 +81,7 @@ namespace
const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0}; const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0};
const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true}; const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true};
const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false}; const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false};
const command_line::arg_descriptor<bool> arg_restricted = {"restricted-rpc", "Restricts RPC to view only commands", false};
const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""}; const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""};
@ -1336,6 +1337,7 @@ int main(int argc, char* argv[])
command_line::add_arg(desc_params, arg_non_deterministic ); command_line::add_arg(desc_params, arg_non_deterministic );
command_line::add_arg(desc_params, arg_electrum_seed ); command_line::add_arg(desc_params, arg_electrum_seed );
command_line::add_arg(desc_params, arg_testnet); command_line::add_arg(desc_params, arg_testnet);
command_line::add_arg(desc_params, arg_restricted);
tools::wallet_rpc_server::init_options(desc_params); tools::wallet_rpc_server::init_options(desc_params);
po::positional_options_description positional_options; po::positional_options_description positional_options;
@ -1406,6 +1408,7 @@ int main(int argc, char* argv[])
} }
bool testnet = command_line::get_arg(vm, arg_testnet); bool testnet = command_line::get_arg(vm, arg_testnet);
bool restricted = command_line::get_arg(vm, arg_restricted);
std::string wallet_file = command_line::get_arg(vm, arg_wallet_file); std::string wallet_file = command_line::get_arg(vm, arg_wallet_file);
std::string wallet_password = command_line::get_arg(vm, arg_password); std::string wallet_password = command_line::get_arg(vm, arg_password);
std::string daemon_address = command_line::get_arg(vm, arg_daemon_address); std::string daemon_address = command_line::get_arg(vm, arg_daemon_address);
@ -1418,7 +1421,7 @@ int main(int argc, char* argv[])
if (daemon_address.empty()) if (daemon_address.empty())
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port); daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
tools::wallet2 wal(testnet); tools::wallet2 wal(testnet,restricted);
try try
{ {
LOG_PRINT_L0("Loading wallet..."); LOG_PRINT_L0("Loading wallet...");

View file

@ -82,7 +82,7 @@ namespace tools
{ {
wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {}; wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {};
public: public:
wallet2(bool testnet = false) : m_run(true), m_callback(0), m_testnet(testnet), is_old_file_format(false) {}; wallet2(bool testnet = false, bool restricted = false) : m_run(true), m_callback(0), m_testnet(testnet), m_restricted(restricted), is_old_file_format(false) {};
struct transfer_details struct transfer_details
{ {
uint64_t m_block_height; uint64_t m_block_height;
@ -196,6 +196,7 @@ namespace tools
bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok); bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok);
bool testnet() { return m_testnet; } bool testnet() { return m_testnet; }
bool restricted() const { return m_restricted; }
uint64_t balance(); uint64_t balance();
uint64_t unlocked_balance(); uint64_t unlocked_balance();
@ -296,6 +297,7 @@ namespace tools
i_wallet2_callback* m_callback; i_wallet2_callback* m_callback;
bool m_testnet; bool m_testnet;
bool m_restricted;
std::string seed_language; /*!< Language of the mnemonics (seed). */ std::string seed_language; /*!< Language of the mnemonics (seed). */
bool is_old_file_format; /*!< Whether the wallet file is of an old file format */ bool is_old_file_format; /*!< Whether the wallet file is of an old file format */
}; };

View file

@ -167,6 +167,13 @@ namespace tools
std::vector<cryptonote::tx_destination_entry> dsts; std::vector<cryptonote::tx_destination_entry> dsts;
std::vector<uint8_t> extra; std::vector<uint8_t> extra;
if (m_wallet.restricted())
{
er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode.";
return false;
}
// validate the transfer requested and populate dsts & extra // validate the transfer requested and populate dsts & extra
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er)) if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
{ {
@ -218,6 +225,13 @@ namespace tools
std::vector<cryptonote::tx_destination_entry> dsts; std::vector<cryptonote::tx_destination_entry> dsts;
std::vector<uint8_t> extra; std::vector<uint8_t> extra;
if (m_wallet.restricted())
{
er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode.";
return false;
}
// validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types. // validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types.
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er)) if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
{ {
@ -261,6 +275,13 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx) bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx)
{ {
if (m_wallet.restricted())
{
er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode.";
return false;
}
try try
{ {
m_wallet.store(); m_wallet.store();
@ -409,6 +430,13 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx) bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx)
{ {
if (m_wallet.restricted())
{
er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode.";
return false;
}
if (req.key_type.compare("mnemonic") == 0) if (req.key_type.compare("mnemonic") == 0)
{ {
if (!m_wallet.get_seed(res.key)) if (!m_wallet.get_seed(res.key))

View file

@ -37,3 +37,4 @@
#define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4 #define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4
#define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5 #define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5
#define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6 #define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6
#define WALLET_RPC_ERROR_CODE_DENIED -7