Add a --restricted-rpc flag to simplewallet
It restricts RPC to a subset of "view only" commands. Kind of like a poor man's view key replacement.
This commit is contained in:
parent
24ddfa792e
commit
24d500ce8e
4 changed files with 36 additions and 2 deletions
|
@ -81,6 +81,7 @@ namespace
|
||||||
const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0};
|
const command_line::arg_descriptor<int> arg_daemon_port = {"daemon-port", "Use daemon instance at port <arg> instead of 8081", 0};
|
||||||
const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true};
|
const command_line::arg_descriptor<uint32_t> arg_log_level = {"set_log", "", 0, true};
|
||||||
const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false};
|
const command_line::arg_descriptor<bool> arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false};
|
||||||
|
const command_line::arg_descriptor<bool> arg_restricted = {"restricted-rpc", "Restricts RPC to view only commands", false};
|
||||||
|
|
||||||
const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""};
|
const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""};
|
||||||
|
|
||||||
|
@ -1336,6 +1337,7 @@ int main(int argc, char* argv[])
|
||||||
command_line::add_arg(desc_params, arg_non_deterministic );
|
command_line::add_arg(desc_params, arg_non_deterministic );
|
||||||
command_line::add_arg(desc_params, arg_electrum_seed );
|
command_line::add_arg(desc_params, arg_electrum_seed );
|
||||||
command_line::add_arg(desc_params, arg_testnet);
|
command_line::add_arg(desc_params, arg_testnet);
|
||||||
|
command_line::add_arg(desc_params, arg_restricted);
|
||||||
tools::wallet_rpc_server::init_options(desc_params);
|
tools::wallet_rpc_server::init_options(desc_params);
|
||||||
|
|
||||||
po::positional_options_description positional_options;
|
po::positional_options_description positional_options;
|
||||||
|
@ -1406,6 +1408,7 @@ int main(int argc, char* argv[])
|
||||||
}
|
}
|
||||||
|
|
||||||
bool testnet = command_line::get_arg(vm, arg_testnet);
|
bool testnet = command_line::get_arg(vm, arg_testnet);
|
||||||
|
bool restricted = command_line::get_arg(vm, arg_restricted);
|
||||||
std::string wallet_file = command_line::get_arg(vm, arg_wallet_file);
|
std::string wallet_file = command_line::get_arg(vm, arg_wallet_file);
|
||||||
std::string wallet_password = command_line::get_arg(vm, arg_password);
|
std::string wallet_password = command_line::get_arg(vm, arg_password);
|
||||||
std::string daemon_address = command_line::get_arg(vm, arg_daemon_address);
|
std::string daemon_address = command_line::get_arg(vm, arg_daemon_address);
|
||||||
|
@ -1418,7 +1421,7 @@ int main(int argc, char* argv[])
|
||||||
if (daemon_address.empty())
|
if (daemon_address.empty())
|
||||||
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
|
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
|
||||||
|
|
||||||
tools::wallet2 wal(testnet);
|
tools::wallet2 wal(testnet,restricted);
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
LOG_PRINT_L0("Loading wallet...");
|
LOG_PRINT_L0("Loading wallet...");
|
||||||
|
|
|
@ -82,7 +82,7 @@ namespace tools
|
||||||
{
|
{
|
||||||
wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {};
|
wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {};
|
||||||
public:
|
public:
|
||||||
wallet2(bool testnet = false) : m_run(true), m_callback(0), m_testnet(testnet), is_old_file_format(false) {};
|
wallet2(bool testnet = false, bool restricted = false) : m_run(true), m_callback(0), m_testnet(testnet), m_restricted(restricted), is_old_file_format(false) {};
|
||||||
struct transfer_details
|
struct transfer_details
|
||||||
{
|
{
|
||||||
uint64_t m_block_height;
|
uint64_t m_block_height;
|
||||||
|
@ -196,6 +196,7 @@ namespace tools
|
||||||
bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok);
|
bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok);
|
||||||
|
|
||||||
bool testnet() { return m_testnet; }
|
bool testnet() { return m_testnet; }
|
||||||
|
bool restricted() const { return m_restricted; }
|
||||||
|
|
||||||
uint64_t balance();
|
uint64_t balance();
|
||||||
uint64_t unlocked_balance();
|
uint64_t unlocked_balance();
|
||||||
|
@ -296,6 +297,7 @@ namespace tools
|
||||||
|
|
||||||
i_wallet2_callback* m_callback;
|
i_wallet2_callback* m_callback;
|
||||||
bool m_testnet;
|
bool m_testnet;
|
||||||
|
bool m_restricted;
|
||||||
std::string seed_language; /*!< Language of the mnemonics (seed). */
|
std::string seed_language; /*!< Language of the mnemonics (seed). */
|
||||||
bool is_old_file_format; /*!< Whether the wallet file is of an old file format */
|
bool is_old_file_format; /*!< Whether the wallet file is of an old file format */
|
||||||
};
|
};
|
||||||
|
|
|
@ -167,6 +167,13 @@ namespace tools
|
||||||
std::vector<cryptonote::tx_destination_entry> dsts;
|
std::vector<cryptonote::tx_destination_entry> dsts;
|
||||||
std::vector<uint8_t> extra;
|
std::vector<uint8_t> extra;
|
||||||
|
|
||||||
|
if (m_wallet.restricted())
|
||||||
|
{
|
||||||
|
er.code = WALLET_RPC_ERROR_CODE_DENIED;
|
||||||
|
er.message = "Command unavailable in restricted mode.";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// validate the transfer requested and populate dsts & extra
|
// validate the transfer requested and populate dsts & extra
|
||||||
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
|
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
|
||||||
{
|
{
|
||||||
|
@ -218,6 +225,13 @@ namespace tools
|
||||||
std::vector<cryptonote::tx_destination_entry> dsts;
|
std::vector<cryptonote::tx_destination_entry> dsts;
|
||||||
std::vector<uint8_t> extra;
|
std::vector<uint8_t> extra;
|
||||||
|
|
||||||
|
if (m_wallet.restricted())
|
||||||
|
{
|
||||||
|
er.code = WALLET_RPC_ERROR_CODE_DENIED;
|
||||||
|
er.message = "Command unavailable in restricted mode.";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types.
|
// validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types.
|
||||||
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
|
if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
|
||||||
{
|
{
|
||||||
|
@ -261,6 +275,13 @@ namespace tools
|
||||||
//------------------------------------------------------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------------------------------------------------------
|
||||||
bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx)
|
bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx)
|
||||||
{
|
{
|
||||||
|
if (m_wallet.restricted())
|
||||||
|
{
|
||||||
|
er.code = WALLET_RPC_ERROR_CODE_DENIED;
|
||||||
|
er.message = "Command unavailable in restricted mode.";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
m_wallet.store();
|
m_wallet.store();
|
||||||
|
@ -409,6 +430,13 @@ namespace tools
|
||||||
//------------------------------------------------------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------------------------------------------------------
|
||||||
bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx)
|
bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx)
|
||||||
{
|
{
|
||||||
|
if (m_wallet.restricted())
|
||||||
|
{
|
||||||
|
er.code = WALLET_RPC_ERROR_CODE_DENIED;
|
||||||
|
er.message = "Command unavailable in restricted mode.";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (req.key_type.compare("mnemonic") == 0)
|
if (req.key_type.compare("mnemonic") == 0)
|
||||||
{
|
{
|
||||||
if (!m_wallet.get_seed(res.key))
|
if (!m_wallet.get_seed(res.key))
|
||||||
|
|
|
@ -37,3 +37,4 @@
|
||||||
#define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4
|
#define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4
|
||||||
#define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5
|
#define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5
|
||||||
#define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6
|
#define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6
|
||||||
|
#define WALLET_RPC_ERROR_CODE_DENIED -7
|
||||||
|
|
Loading…
Reference in a new issue