Add server auth to monerod, and client auth to wallet-cli and wallet-rpc

This commit is contained in:
Lee Clagett 2017-02-05 17:48:03 -05:00
parent e56bf442c3
commit ce7fcbb4ae
38 changed files with 495 additions and 189 deletions

View file

@ -29,6 +29,9 @@
#pragma once #pragma once
#include <boost/lexical_cast.hpp> #include <boost/lexical_cast.hpp>
#include <boost/regex.hpp> #include <boost/regex.hpp>
#include <boost/utility/string_ref.hpp>
#include <string>
#include <utility>
#include "string_tools.h" #include "string_tools.h"
@ -90,6 +93,15 @@ namespace net_utils
return std::string(); return std::string();
} }
static inline void add_field(std::string& out, const boost::string_ref name, const boost::string_ref value)
{
out.append(name.data(), name.size()).append(": ");
out.append(value.data(), value.size()).append("\r\n");
}
static inline void add_field(std::string& out, const std::pair<std::string, std::string>& field)
{
add_field(out, field.first, field.second);
}
struct http_header_info struct http_header_info

View file

@ -30,6 +30,8 @@
#include <boost/shared_ptr.hpp> #include <boost/shared_ptr.hpp>
#include <boost/regex.hpp> #include <boost/regex.hpp>
#include <boost/lexical_cast.hpp> #include <boost/lexical_cast.hpp>
#include <boost/optional/optional.hpp>
#include <boost/utility/string_ref.hpp>
//#include <mbstring.h> //#include <mbstring.h>
#include <algorithm> #include <algorithm>
#include <cctype> #include <cctype>
@ -45,6 +47,7 @@
#include "string_tools.h" #include "string_tools.h"
#include "reg_exp_definer.h" #include "reg_exp_definer.h"
#include "http_base.h" #include "http_base.h"
#include "http_auth.h"
#include "to_nonconst_iterator.h" #include "to_nonconst_iterator.h"
#include "net_parse_helpers.h" #include "net_parse_helpers.h"
@ -236,9 +239,6 @@ using namespace std;
class http_simple_client: public i_target_handler class http_simple_client: public i_target_handler
{ {
public:
private: private:
enum reciev_machine_state enum reciev_machine_state
{ {
@ -263,6 +263,7 @@ using namespace std;
blocked_mode_client m_net_client; blocked_mode_client m_net_client;
std::string m_host_buff; std::string m_host_buff;
std::string m_port; std::string m_port;
http_client_auth m_auth;
std::string m_header_cache; std::string m_header_cache;
http_response_info m_response_info; http_response_info m_response_info;
size_t m_len_in_summary; size_t m_len_in_summary;
@ -280,6 +281,7 @@ using namespace std;
, m_net_client() , m_net_client()
, m_host_buff() , m_host_buff()
, m_port() , m_port()
, m_auth()
, m_header_cache() , m_header_cache()
, m_response_info() , m_response_info()
, m_len_in_summary(0) , m_len_in_summary(0)
@ -291,21 +293,22 @@ using namespace std;
, m_lock() , m_lock()
{} {}
bool set_server(const std::string& address) bool set_server(const std::string& address, boost::optional<login> user)
{ {
http::url_content parsed{}; http::url_content parsed{};
const bool r = parse_url(address, parsed); const bool r = parse_url(address, parsed);
CHECK_AND_ASSERT_MES(r, false, "failed to parse url: " << address); CHECK_AND_ASSERT_MES(r, false, "failed to parse url: " << address);
set_server(std::move(parsed.host), std::to_string(parsed.port)); set_server(std::move(parsed.host), std::to_string(parsed.port), std::move(user));
return true; return true;
} }
void set_server(std::string host, std::string port) void set_server(std::string host, std::string port, boost::optional<login> user)
{ {
CRITICAL_REGION_LOCAL(m_lock); CRITICAL_REGION_LOCAL(m_lock);
disconnect(); disconnect();
m_host_buff = std::move(host); m_host_buff = std::move(host);
m_port = std::move(port); m_port = std::move(port);
m_auth = user ? http_client_auth{std::move(*user)} : http_client_auth{};
} }
bool connect(std::chrono::milliseconds timeout) bool connect(std::chrono::milliseconds timeout)
@ -335,14 +338,14 @@ using namespace std;
} }
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
inline inline
bool invoke_get(const std::string& uri, std::chrono::milliseconds timeout, const std::string& body = std::string(), const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) bool invoke_get(const boost::string_ref uri, std::chrono::milliseconds timeout, const std::string& body = std::string(), const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
{ {
CRITICAL_REGION_LOCAL(m_lock); CRITICAL_REGION_LOCAL(m_lock);
return invoke(uri, "GET", body, timeout, ppresponse_info, additional_params); return invoke(uri, "GET", body, timeout, ppresponse_info, additional_params);
} }
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
inline bool invoke(const std::string& uri, const std::string& method, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) inline bool invoke(const boost::string_ref uri, const boost::string_ref method, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
{ {
CRITICAL_REGION_LOCAL(m_lock); CRITICAL_REGION_LOCAL(m_lock);
if(!is_connected()) if(!is_connected())
@ -354,15 +357,24 @@ using namespace std;
return false; return false;
} }
} }
m_response_info.clear();
std::string req_buff = method + " ";
req_buff += uri + " HTTP/1.1\r\n" +
"Host: "+ m_host_buff +"\r\n" + "Content-Length: " + boost::lexical_cast<std::string>(body.size()) + "\r\n";
std::string req_buff{};
req_buff.reserve(2048);
req_buff.append(method.data(), method.size()).append(" ").append(uri.data(), uri.size()).append(" HTTP/1.1\r\n");
add_field(req_buff, "Host", m_host_buff);
add_field(req_buff, "Content-Length", std::to_string(body.size()));
//handle "additional_params" //handle "additional_params"
for(fields_list::const_iterator it = additional_params.begin(); it!=additional_params.end(); it++) for(const auto& field : additional_params)
req_buff += it->first + ": " + it->second + "\r\n"; add_field(req_buff, field);
for (unsigned sends = 0; sends < 2; ++sends)
{
const std::size_t initial_size = req_buff.size();
const auto auth = m_auth.get_auth_field(method, uri);
if (auth)
add_field(req_buff, *auth);
req_buff += "\r\n"; req_buff += "\r\n";
//-- //--
@ -372,14 +384,37 @@ using namespace std;
res = m_net_client.send(body, timeout); res = m_net_client.send(body, timeout);
CHECK_AND_ASSERT_MES(res, false, "HTTP_CLIENT: Failed to SEND"); CHECK_AND_ASSERT_MES(res, false, "HTTP_CLIENT: Failed to SEND");
if(ppresponse_info)
*ppresponse_info = &m_response_info;
m_response_info.clear();
m_state = reciev_machine_state_header; m_state = reciev_machine_state_header;
return handle_reciev(timeout); if (!handle_reciev(timeout))
return false;
if (m_response_info.m_response_code != 401)
{
if(ppresponse_info)
*ppresponse_info = std::addressof(m_response_info);
return true;
}
switch (m_auth.handle_401(m_response_info))
{
case http_client_auth::kSuccess:
break;
case http_client_auth::kBadPassword:
sends = 2;
break;
default:
case http_client_auth::kParseFailure:
LOG_ERROR("Bad server response for authentication");
return false;
}
req_buff.resize(initial_size); // rollback for new auth generation
}
LOG_ERROR("Client has incorrect username/password for server requiring authentication");
return false;
} }
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
inline bool invoke_post(const std::string& uri, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list()) inline bool invoke_post(const boost::string_ref uri, const std::string& body, std::chrono::milliseconds timeout, const http_response_info** ppresponse_info = NULL, const fields_list& additional_params = fields_list())
{ {
CRITICAL_REGION_LOCAL(m_lock); CRITICAL_REGION_LOCAL(m_lock);
return invoke(uri, "POST", body, timeout, ppresponse_info, additional_params); return invoke(uri, "POST", body, timeout, ppresponse_info, additional_params);
@ -730,7 +765,7 @@ using namespace std;
else if(result[i++].matched)//"User-Agent" else if(result[i++].matched)//"User-Agent"
body_info.m_user_agent = result[field_val]; body_info.m_user_agent = result[field_val];
else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!) else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!)
{;} body_info.m_etc_fields.emplace_back(result[11], result[field_val]);
else else
{CHECK_AND_ASSERT_MES(false, false, "http_stream_filter::parse_cached_header() not matched last entry in:"<<m_cache_to_process);} {CHECK_AND_ASSERT_MES(false, false, "http_stream_filter::parse_cached_header() not matched last entry in:"<<m_cache_to_process);}

View file

@ -54,7 +54,6 @@ namespace net_utils
struct http_server_config struct http_server_config
{ {
std::string m_folder; std::string m_folder;
std::string m_required_user_agent;
boost::optional<login> m_user; boost::optional<login> m_user;
critical_section m_lock; critical_section m_lock;
}; };

View file

@ -390,13 +390,6 @@ namespace net_utils
return false; return false;
} }
if (!m_config.m_required_user_agent.empty() && m_query_info.m_header_info.m_user_agent != m_config.m_required_user_agent)
{
LOG_ERROR("simple_http_connection_handler<t_connection_context>::analize_cached_request_header_and_invoke_state(): unexpected user agent: " << m_query_info.m_header_info.m_user_agent);
m_state = http_state_error;
return false;
}
m_cache.erase(0, pos); m_cache.erase(0, pos);
std::string req_command_str = m_query_info.m_full_request_str; std::string req_command_str = m_query_info.m_full_request_str;

View file

@ -56,7 +56,7 @@ namespace epee
{} {}
bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0", bool init(const std::string& bind_port = "0", const std::string& bind_ip = "0.0.0.0",
std::string user_agent = "", boost::optional<net_utils::http::login> user = boost::none) boost::optional<net_utils::http::login> user = boost::none)
{ {
//set self as callback handler //set self as callback handler
@ -65,8 +65,6 @@ namespace epee
//here set folder for hosting reqests //here set folder for hosting reqests
m_net_server.get_config_object().m_folder = ""; m_net_server.get_config_object().m_folder = "";
// workaround till we get auth/encryption
m_net_server.get_config_object().m_required_user_agent = std::move(user_agent);
m_net_server.get_config_object().m_user = std::move(user); m_net_server.get_config_object().m_user = std::move(user);
LOG_PRINT_L0("Binding on " << bind_ip << ":" << bind_port); LOG_PRINT_L0("Binding on " << bind_ip << ":" << bind_port);

View file

@ -26,6 +26,9 @@
// //
#pragma once #pragma once
#include <boost/utility/string_ref.hpp>
#include <chrono>
#include <string>
#include "portable_storage_template_helper.h" #include "portable_storage_template_helper.h"
#include "net/http_base.h" #include "net/http_base.h"
#include "net/http_server_handlers_map2.h" #include "net/http_server_handlers_map2.h"
@ -35,7 +38,7 @@ namespace epee
namespace net_utils namespace net_utils
{ {
template<class t_request, class t_response, class t_transport> template<class t_request, class t_response, class t_transport>
bool invoke_http_json(const std::string& uri, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const std::string& method = "GET") bool invoke_http_json(const boost::string_ref uri, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const boost::string_ref method = "GET")
{ {
std::string req_param; std::string req_param;
if(!serialization::store_t_to_json(out_struct, req_param)) if(!serialization::store_t_to_json(out_struct, req_param))
@ -66,7 +69,7 @@ namespace epee
template<class t_request, class t_response, class t_transport> template<class t_request, class t_response, class t_transport>
bool invoke_http_bin(const std::string& uri, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const std::string& method = "GET") bool invoke_http_bin(const boost::string_ref uri, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const boost::string_ref method = "GET")
{ {
std::string req_param; std::string req_param;
if(!serialization::store_t_to_binary(out_struct, req_param)) if(!serialization::store_t_to_binary(out_struct, req_param))
@ -95,7 +98,7 @@ namespace epee
} }
template<class t_request, class t_response, class t_transport> template<class t_request, class t_response, class t_transport>
bool invoke_http_json_rpc(const std::string& uri, std::string method_name, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const std::string& http_method = "GET", const std::string& req_id = "0") bool invoke_http_json_rpc(const boost::string_ref uri, std::string method_name, const t_request& out_struct, t_response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const boost::string_ref http_method = "GET", const std::string& req_id = "0")
{ {
epee::json_rpc::request<t_request> req_t = AUTO_VAL_INIT(req_t); epee::json_rpc::request<t_request> req_t = AUTO_VAL_INIT(req_t);
req_t.jsonrpc = "2.0"; req_t.jsonrpc = "2.0";
@ -117,7 +120,7 @@ namespace epee
} }
template<class t_command, class t_transport> template<class t_command, class t_transport>
bool invoke_http_json_rpc(const std::string& uri, typename t_command::request& out_struct, typename t_command::response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const std::string& http_method = "GET", const std::string& req_id = "0") bool invoke_http_json_rpc(const boost::string_ref uri, typename t_command::request& out_struct, typename t_command::response& result_struct, t_transport& transport, std::chrono::milliseconds timeout = std::chrono::seconds(5), const boost::string_ref http_method = "GET", const std::string& req_id = "0")
{ {
return invoke_http_json_rpc(uri, t_command::methodname(), out_struct, result_struct, transport, timeout, http_method, req_id); return invoke_http_json_rpc(uri, t_command::methodname(), out_struct, result_struct, transport, timeout, http_method, req_id);
} }

View file

@ -362,7 +362,7 @@ namespace
server_parameters best{}; server_parameters best{};
const std::list<field>& fields = response.m_additional_fields; const std::list<field>& fields = response.m_header_info.m_etc_fields;
auto current = fields.begin(); auto current = fields.begin();
const auto end = fields.end(); const auto end = fields.end();
while (true) while (true)

View file

@ -32,6 +32,7 @@ set(common_sources
dns_utils.cpp dns_utils.cpp
util.cpp util.cpp
i18n.cpp i18n.cpp
password.cpp
perf_timer.cpp perf_timer.cpp
task_region.cpp task_region.cpp
thread_group.cpp) thread_group.cpp)
@ -46,6 +47,7 @@ set(common_private_headers
base58.h base58.h
boost_serialization_helper.h boost_serialization_helper.h
command_line.h command_line.h
common_fwd.h
dns_utils.h dns_utils.h
http_connection.h http_connection.h
int-util.h int-util.h
@ -56,6 +58,7 @@ set(common_private_headers
util.h util.h
varint.h varint.h
i18n.h i18n.h
password.h
perf_timer.h perf_timer.h
stack_trace.h stack_trace.h
task_region.h task_region.h

View file

@ -76,7 +76,6 @@ namespace command_line
const arg_descriptor<bool> arg_version = {"version", "Output version information"}; const arg_descriptor<bool> arg_version = {"version", "Output version information"};
const arg_descriptor<std::string> arg_data_dir = {"data-dir", "Specify data directory"}; const arg_descriptor<std::string> arg_data_dir = {"data-dir", "Specify data directory"};
const arg_descriptor<std::string> arg_testnet_data_dir = {"testnet-data-dir", "Specify testnet data directory"}; const arg_descriptor<std::string> arg_testnet_data_dir = {"testnet-data-dir", "Specify testnet data directory"};
const arg_descriptor<std::string> arg_user_agent = {"user-agent", "Restrict RPC use to clients using this user agent"};
const arg_descriptor<bool> arg_test_drop_download = {"test-drop-download", "For net tests: in download, discard ALL blocks instead checking/saving them (very fast)"}; const arg_descriptor<bool> arg_test_drop_download = {"test-drop-download", "For net tests: in download, discard ALL blocks instead checking/saving them (very fast)"};
const arg_descriptor<uint64_t> arg_test_drop_download_height = {"test-drop-download-height", "Like test-drop-download but disards only after around certain height", 0}; const arg_descriptor<uint64_t> arg_test_drop_download_height = {"test-drop-download-height", "Like test-drop-download but disards only after around certain height", 0};
const arg_descriptor<int> arg_test_dbg_lock_sleep = {"test-dbg-lock-sleep", "Sleep time in ms, defaults to 0 (off), used to debug before/after locking mutex. Values 100 to 1000 are good for tests."}; const arg_descriptor<int> arg_test_dbg_lock_sleep = {"test-dbg-lock-sleep", "Sleep time in ms, defaults to 0 (off), used to debug before/after locking mutex. Values 100 to 1000 are good for tests."};

View file

@ -207,7 +207,6 @@ namespace command_line
extern const arg_descriptor<bool> arg_version; extern const arg_descriptor<bool> arg_version;
extern const arg_descriptor<std::string> arg_data_dir; extern const arg_descriptor<std::string> arg_data_dir;
extern const arg_descriptor<std::string> arg_testnet_data_dir; extern const arg_descriptor<std::string> arg_testnet_data_dir;
extern const arg_descriptor<std::string> arg_user_agent;
extern const arg_descriptor<bool> arg_test_drop_download; extern const arg_descriptor<bool> arg_test_drop_download;
extern const arg_descriptor<uint64_t> arg_test_drop_download_height; extern const arg_descriptor<uint64_t> arg_test_drop_download_height;
extern const arg_descriptor<int> arg_test_dbg_lock_sleep; extern const arg_descriptor<int> arg_test_dbg_lock_sleep;

41
src/common/common_fwd.h Normal file
View file

@ -0,0 +1,41 @@
// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#pragma once
namespace tools
{
class DNSResolver;
struct login;
class password_container;
class t_http_connection;
class task_region;
class thread_group;
}

View file

@ -1,4 +1,4 @@
// Copyright (c) 2014-2016, The Monero Project // Copyright (c) 2014-2017, The Monero Project
// //
// All rights reserved. // All rights reserved.
// //
@ -28,7 +28,7 @@
// //
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include "password_container.h" #include "password.h"
#include <iostream> #include <iostream>
#include <memory.h> #include <memory.h>
@ -245,4 +245,27 @@ namespace tools
return boost::none; return boost::none;
} }
boost::optional<login> login::parse(std::string&& userpass, bool verify, const char* message)
{
login out{};
password_container wipe{std::move(userpass)};
const auto loc = wipe.password().find(':');
if (loc == std::string::npos)
{
auto result = tools::password_container::prompt(verify, message);
if (!result)
return boost::none;
out.password = std::move(*result);
}
else
{
out.password = password_container{wipe.password().substr(loc + 1)};
}
out.username = wipe.password().substr(0, loc);
return {std::move(out)};
}
} }

View file

@ -1,4 +1,4 @@
// Copyright (c) 2014-2016, The Monero Project // Copyright (c) 2014-2017, The Monero Project
// //
// All rights reserved. // All rights reserved.
// //
@ -64,4 +64,33 @@ namespace tools
//! TODO Custom allocator that locks to RAM? //! TODO Custom allocator that locks to RAM?
std::string m_password; std::string m_password;
}; };
struct login
{
login() = default;
/*!
Extracts username and password from the format `username:password`. A
blank username or password is allowed. If the `:` character is not
present, `password_container::prompt` will be called by forwarding the
`verify` and `message` arguments.
\param userpass Is "consumed", and the memory contents are wiped.
\param verify is passed to `password_container::prompt` if necessary.
\param message is passed to `password_container::prompt` if necessary.
\return The username and password, or boost::none if
`password_container::prompt` fails.
*/
static boost::optional<login> parse(std::string&& userpass, bool verify, const char* message = "Password");
login(const login&) = delete;
login(login&&) = default;
~login() = default;
login& operator=(const login&) = delete;
login& operator=(login&&) = default;
std::string username;
password_container password;
};
} }

View file

@ -28,10 +28,13 @@
#pragma once #pragma once
#include <boost/optional/optional.hpp>
#include "common/http_connection.h" #include "common/http_connection.h"
#include "common/scoped_message_writer.h" #include "common/scoped_message_writer.h"
#include "rpc/core_rpc_server_commands_defs.h" #include "rpc/core_rpc_server_commands_defs.h"
#include "storages/http_abstract_invoke.h" #include "storages/http_abstract_invoke.h"
#include "net/http_auth.h"
#include "net/http_client.h" #include "net/http_client.h"
#include "string_tools.h" #include "string_tools.h"
@ -45,11 +48,12 @@ namespace tools
t_rpc_client( t_rpc_client(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, boost::optional<epee::net_utils::http::login> user
) )
: m_http_client{} : m_http_client{}
{ {
m_http_client.set_server( m_http_client.set_server(
epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port) epee::string_tools::get_ip_string_from_int32(ip), std::to_string(port), std::move(user)
); );
} }

View file

@ -37,11 +37,11 @@ namespace daemonize {
t_command_parser_executor::t_command_parser_executor( t_command_parser_executor::t_command_parser_executor(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& login
, bool is_rpc , bool is_rpc
, cryptonote::core_rpc_server* rpc_server , cryptonote::core_rpc_server* rpc_server
) )
: m_executor(ip, port, user_agent, is_rpc, rpc_server) : m_executor(ip, port, login, is_rpc, rpc_server)
{} {}
bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args) bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args)

View file

@ -36,7 +36,10 @@
#pragma once #pragma once
#include <boost/optional/optional_fwd.hpp>
#include "daemon/rpc_command_executor.h" #include "daemon/rpc_command_executor.h"
#include "common/common_fwd.h"
#include "rpc/core_rpc_server.h" #include "rpc/core_rpc_server.h"
namespace daemonize { namespace daemonize {
@ -49,7 +52,7 @@ public:
t_command_parser_executor( t_command_parser_executor(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& login
, bool is_rpc , bool is_rpc
, cryptonote::core_rpc_server* rpc_server = NULL , cryptonote::core_rpc_server* rpc_server = NULL
); );

View file

@ -40,11 +40,11 @@ namespace p = std::placeholders;
t_command_server::t_command_server( t_command_server::t_command_server(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& login
, bool is_rpc , bool is_rpc
, cryptonote::core_rpc_server* rpc_server , cryptonote::core_rpc_server* rpc_server
) )
: m_parser(ip, port, user_agent, is_rpc, rpc_server) : m_parser(ip, port, login, is_rpc, rpc_server)
, m_command_lookup() , m_command_lookup()
, m_is_rpc(is_rpc) , m_is_rpc(is_rpc)
{ {

View file

@ -39,6 +39,8 @@ Passing RPC commands:
#pragma once #pragma once
#include <boost/optional/optional_fwd.hpp>
#include "common/common_fwd.h"
#include "console_handler.h" #include "console_handler.h"
#include "daemon/command_parser_executor.h" #include "daemon/command_parser_executor.h"
@ -54,7 +56,7 @@ public:
t_command_server( t_command_server(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& login
, bool is_rpc = true , bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL , cryptonote::core_rpc_server* rpc_server = NULL
); );

View file

@ -33,6 +33,7 @@
#include "misc_log_ex.h" #include "misc_log_ex.h"
#include "daemon/daemon.h" #include "daemon/daemon.h"
#include "common/password.h"
#include "common/util.h" #include "common/util.h"
#include "daemon/core.h" #include "daemon/core.h"
#include "daemon/p2p.h" #include "daemon/p2p.h"
@ -127,7 +128,8 @@ bool t_daemon::run(bool interactive)
if (interactive) if (interactive)
{ {
rpc_commands = new daemonize::t_command_server(0, 0, "", false, mp_internals->rpc.get_server()); // The first three variables are not used when the fourth is false
rpc_commands = new daemonize::t_command_server(0, 0, boost::none, false, mp_internals->rpc.get_server());
rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this)); rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this));
} }

View file

@ -30,6 +30,7 @@
#include "common/command_line.h" #include "common/command_line.h"
#include "common/scoped_message_writer.h" #include "common/scoped_message_writer.h"
#include "common/password.h"
#include "common/util.h" #include "common/util.h"
#include "cryptonote_core/cryptonote_core.h" #include "cryptonote_core/cryptonote_core.h"
#include "cryptonote_core/miner.h" #include "cryptonote_core/miner.h"
@ -40,6 +41,7 @@
#include "misc_log_ex.h" #include "misc_log_ex.h"
#include "p2p/net_node.h" #include "p2p/net_node.h"
#include "rpc/core_rpc_server.h" #include "rpc/core_rpc_server.h"
#include "rpc/rpc_args.h"
#include "daemon/command_line_args.h" #include "daemon/command_line_args.h"
#include "blockchain_db/db_types.h" #include "blockchain_db/db_types.h"
@ -220,13 +222,13 @@ int main(int argc, char const * argv[])
if (command.size()) if (command.size())
{ {
auto rpc_ip_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_rpc_bind_ip); const cryptonote::rpc_args::descriptors arg{};
auto rpc_ip_str = command_line::get_arg(vm, arg.rpc_bind_ip);
auto rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_rpc_bind_port); auto rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_rpc_bind_port);
if (testnet_mode) if (testnet_mode)
{ {
rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port); rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port);
} }
auto user_agent = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_user_agent);
uint32_t rpc_ip; uint32_t rpc_ip;
uint16_t rpc_port; uint16_t rpc_port;
@ -241,7 +243,20 @@ int main(int argc, char const * argv[])
return 1; return 1;
} }
daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, user_agent}; boost::optional<tools::login> login{};
if (command_line::has_arg(vm, arg.rpc_login))
{
login = tools::login::parse(
command_line::get_arg(vm, arg.rpc_login), false, "Daemon client password"
);
if (!login)
{
std::cerr << "Failed to obtain password" << std::endl;
return 1;
}
}
daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, std::move(login)};
if (rpc_commands.process_command_vec(command)) if (rpc_commands.process_command_vec(command))
{ {
return 0; return 0;

View file

@ -29,6 +29,7 @@
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include "string_tools.h" #include "string_tools.h"
#include "common/password.h"
#include "common/scoped_message_writer.h" #include "common/scoped_message_writer.h"
#include "daemon/rpc_command_executor.h" #include "daemon/rpc_command_executor.h"
#include "rpc/core_rpc_server_commands_defs.h" #include "rpc/core_rpc_server_commands_defs.h"
@ -95,7 +96,7 @@ namespace {
t_rpc_command_executor::t_rpc_command_executor( t_rpc_command_executor::t_rpc_command_executor(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& login
, bool is_rpc , bool is_rpc
, cryptonote::core_rpc_server* rpc_server , cryptonote::core_rpc_server* rpc_server
) )
@ -103,7 +104,10 @@ t_rpc_command_executor::t_rpc_command_executor(
{ {
if (is_rpc) if (is_rpc)
{ {
m_rpc_client = new tools::t_rpc_client(ip, port); boost::optional<epee::net_utils::http::login> http_login{};
if (login)
http_login.emplace(login->username, login->password.password());
m_rpc_client = new tools::t_rpc_client(ip, port, std::move(http_login));
} }
else else
{ {

View file

@ -38,6 +38,9 @@
#pragma once #pragma once
#include <boost/optional/optional_fwd.hpp>
#include "common/common_fwd.h"
#include "common/rpc_client.h" #include "common/rpc_client.h"
#include "misc_log_ex.h" #include "misc_log_ex.h"
#include "cryptonote_core/cryptonote_core.h" #include "cryptonote_core/cryptonote_core.h"
@ -60,7 +63,7 @@ public:
t_rpc_command_executor( t_rpc_command_executor(
uint32_t ip uint32_t ip
, uint16_t port , uint16_t port
, const std::string &user_agent , const boost::optional<tools::login>& user
, bool is_rpc = true , bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL , cryptonote::core_rpc_server* rpc_server = NULL
); );

View file

@ -27,9 +27,11 @@
# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set(rpc_sources set(rpc_sources
core_rpc_server.cpp) core_rpc_server.cpp
rpc_args.cpp)
set(rpc_headers) set(rpc_headers
rpc_args.h)
set(rpc_private_headers set(rpc_private_headers
core_rpc_server.h core_rpc_server.h
@ -44,6 +46,7 @@ monero_add_library(rpc
${rpc_private_headers}) ${rpc_private_headers})
target_link_libraries(rpc target_link_libraries(rpc
PUBLIC PUBLIC
common
cryptonote_core cryptonote_core
cryptonote_protocol cryptonote_protocol
epee epee

View file

@ -38,6 +38,7 @@ using namespace epee;
#include "cryptonote_core/cryptonote_basic_impl.h" #include "cryptonote_core/cryptonote_basic_impl.h"
#include "misc_language.h" #include "misc_language.h"
#include "crypto/hash.h" #include "crypto/hash.h"
#include "rpc/rpc_args.h"
#include "core_rpc_server_error_codes.h" #include "core_rpc_server_error_codes.h"
#define MAX_RESTRICTED_FAKE_OUTS_COUNT 40 #define MAX_RESTRICTED_FAKE_OUTS_COUNT 40
@ -49,11 +50,10 @@ namespace cryptonote
//----------------------------------------------------------------------------------- //-----------------------------------------------------------------------------------
void core_rpc_server::init_options(boost::program_options::options_description& desc) void core_rpc_server::init_options(boost::program_options::options_description& desc)
{ {
command_line::add_arg(desc, arg_rpc_bind_ip);
command_line::add_arg(desc, arg_rpc_bind_port); command_line::add_arg(desc, arg_rpc_bind_port);
command_line::add_arg(desc, arg_testnet_rpc_bind_port); command_line::add_arg(desc, arg_testnet_rpc_bind_port);
command_line::add_arg(desc, arg_restricted_rpc); command_line::add_arg(desc, arg_restricted_rpc);
command_line::add_arg(desc, arg_user_agent); cryptonote::rpc_args::init_options(desc);
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server( core_rpc_server::core_rpc_server(
@ -64,29 +64,29 @@ namespace cryptonote
, m_p2p(p2p) , m_p2p(p2p)
{} {}
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::handle_command_line(
const boost::program_options::variables_map& vm
)
{
auto p2p_bind_arg = m_testnet ? arg_testnet_rpc_bind_port : arg_rpc_bind_port;
m_bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip);
m_port = command_line::get_arg(vm, p2p_bind_arg);
m_restricted = command_line::get_arg(vm, arg_restricted_rpc);
return true;
}
//------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::init( bool core_rpc_server::init(
const boost::program_options::variables_map& vm const boost::program_options::variables_map& vm
) )
{ {
m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on); m_testnet = command_line::get_arg(vm, command_line::arg_testnet_on);
std::string m_user_agent = command_line::get_arg(vm, command_line::arg_user_agent);
m_net_server.set_threads_prefix("RPC"); m_net_server.set_threads_prefix("RPC");
bool r = handle_command_line(vm);
CHECK_AND_ASSERT_MES(r, false, "Failed to process command line in core_rpc_server"); auto p2p_bind_arg = m_testnet ? arg_testnet_rpc_bind_port : arg_rpc_bind_port;
return epee::http_server_impl_base<core_rpc_server, connection_context>::init(m_port, m_bind_ip, m_user_agent);
auto rpc_config = cryptonote::rpc_args::process(vm);
if (!rpc_config)
return false;
m_restricted = command_line::get_arg(vm, arg_restricted_rpc);
boost::optional<epee::net_utils::http::login> http_login{};
std::string port = command_line::get_arg(vm, p2p_bind_arg);
if (rpc_config->login)
http_login.emplace(std::move(rpc_config->login->username), std::move(rpc_config->login->password).password());
return epee::http_server_impl_base<core_rpc_server, connection_context>::init(
std::move(port), std::move(rpc_config->bind_ip), std::move(http_login)
);
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool core_rpc_server::check_core_busy() bool core_rpc_server::check_core_busy()
@ -1446,12 +1446,6 @@ namespace cryptonote
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_ip = {
"rpc-bind-ip"
, "IP for RPC server"
, "127.0.0.1"
};
const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_port = { const command_line::arg_descriptor<std::string> core_rpc_server::arg_rpc_bind_port = {
"rpc-bind-port" "rpc-bind-port"
, "Port for RPC server" , "Port for RPC server"
@ -1469,11 +1463,4 @@ namespace cryptonote
, "Restrict RPC to view only commands" , "Restrict RPC to view only commands"
, false , false
}; };
const command_line::arg_descriptor<std::string> core_rpc_server::arg_user_agent = {
"user-agent"
, "Restrict RPC to clients using this user agent"
, ""
};
} // namespace cryptonote } // namespace cryptonote

View file

@ -52,11 +52,9 @@ namespace cryptonote
{ {
public: public:
static const command_line::arg_descriptor<std::string> arg_rpc_bind_ip;
static const command_line::arg_descriptor<std::string> arg_rpc_bind_port; static const command_line::arg_descriptor<std::string> arg_rpc_bind_port;
static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port; static const command_line::arg_descriptor<std::string> arg_testnet_rpc_bind_port;
static const command_line::arg_descriptor<bool> arg_restricted_rpc; static const command_line::arg_descriptor<bool> arg_restricted_rpc;
static const command_line::arg_descriptor<std::string> arg_user_agent;
typedef epee::net_utils::connection_context_base connection_context; typedef epee::net_utils::connection_context_base connection_context;
@ -175,10 +173,6 @@ namespace cryptonote
//----------------------- //-----------------------
private: private:
bool handle_command_line(
const boost::program_options::variables_map& vm
);
bool check_core_busy(); bool check_core_busy();
bool check_core_ready(); bool check_core_ready();
@ -188,8 +182,6 @@ private:
core& m_core; core& m_core;
nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<cryptonote::core> >& m_p2p; nodetool::node_server<cryptonote::t_cryptonote_protocol_handler<cryptonote::core> >& m_p2p;
std::string m_port;
std::string m_bind_ip;
bool m_testnet; bool m_testnet;
bool m_restricted; bool m_restricted;
}; };

96
src/rpc/rpc_args.cpp Normal file
View file

@ -0,0 +1,96 @@
// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
#include "rpc_args.h"
#include <boost/asio/ip/address.hpp>
#include "common/command_line.h"
#include "common/i18n.h"
namespace cryptonote
{
rpc_args::descriptors::descriptors()
: rpc_bind_ip({"rpc-bind-ip", rpc_args::tr("Specify ip to bind rpc server"), "127.0.0.1"})
, rpc_login({"rpc-login", rpc_args::tr("Specify username[:password] required for RPC server"), "", true})
, confirm_external_bind({"confirm-external-bind", rpc_args::tr("Confirm rcp-bind-ip value is NOT a loopback (local) IP")})
{}
const char* rpc_args::tr(const char* str) { return i18n_translate(str, "cryptonote::rpc_args"); }
void rpc_args::init_options(boost::program_options::options_description& desc)
{
const descriptors arg{};
command_line::add_arg(desc, arg.rpc_bind_ip);
command_line::add_arg(desc, arg.rpc_login);
command_line::add_arg(desc, arg.confirm_external_bind);
}
boost::optional<rpc_args> rpc_args::process(const boost::program_options::variables_map& vm)
{
const descriptors arg{};
rpc_args config{};
config.bind_ip = command_line::get_arg(vm, arg.rpc_bind_ip);
if (!config.bind_ip.empty())
{
// always parse IP here for error consistency
boost::system::error_code ec{};
const auto parsed_ip = boost::asio::ip::address::from_string(config.bind_ip, ec);
if (ec)
{
LOG_ERROR(tr("Invalid IP address given for --") << arg.rpc_bind_ip.name);
return boost::none;
}
if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg.confirm_external_bind))
{
LOG_ERROR(
"--" << arg.rpc_bind_ip.name <<
tr(" permits inbound unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --") <<
arg.confirm_external_bind.name
);
return boost::none;
}
}
if (command_line::has_arg(vm, arg.rpc_login))
{
config.login = tools::login::parse(command_line::get_arg(vm, arg.rpc_login), true, "RPC server password");
if (!config.login)
return boost::none;
if (config.login->username.empty())
{
LOG_ERROR(tr("Username specified with --") << arg.rpc_login.name << tr(" cannot be empty"));
return boost::none;
}
}
return {std::move(config)};
}
}

67
src/rpc/rpc_args.h Normal file
View file

@ -0,0 +1,67 @@
// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
#pragma once
#include <boost/optional/optional.hpp>
#include <boost/program_options/options_description.hpp>
#include <boost/program_options/variables_map.hpp>
#include <string>
#include "common/command_line.h"
#include "common/password.h"
namespace cryptonote
{
//! Processes command line arguments related to server-side RPC
struct rpc_args
{
// non-static construction prevents initialization order issues
struct descriptors
{
descriptors();
descriptors(const descriptors&) = delete;
descriptors(descriptors&&) = delete;
descriptors& operator=(const descriptors&) = delete;
descriptors& operator=(descriptors&&) = delete;
const command_line::arg_descriptor<std::string> rpc_bind_ip;
const command_line::arg_descriptor<std::string> rpc_login;
const command_line::arg_descriptor<bool> confirm_external_bind;
};
static const char* tr(const char* str);
static void init_options(boost::program_options::options_description& desc);
//! \return Arguments specified by user, or `boost::none` if error
static boost::optional<rpc_args> process(const boost::program_options::variables_map& vm);
std::string bind_ip;
boost::optional<tools::login> login; // currently `boost::none` if unspecified by user
};
}

View file

@ -1192,7 +1192,7 @@ bool simple_wallet::init(const boost::program_options::variables_map& vm)
} }
catch (const std::exception &e) { } catch (const std::exception &e) { }
m_http_client.set_server(m_wallet->get_daemon_address()); m_http_client.set_server(m_wallet->get_daemon_address(), m_wallet->get_daemon_login());
m_wallet->callback(this); m_wallet->callback(this);
return true; return true;
} }

View file

@ -44,7 +44,7 @@
#include "cryptonote_core/cryptonote_basic_impl.h" #include "cryptonote_core/cryptonote_basic_impl.h"
#include "wallet/wallet2.h" #include "wallet/wallet2.h"
#include "console_handler.h" #include "console_handler.h"
#include "wallet/password_container.h" #include "common/password.h"
#include "crypto/crypto.h" // for definition of crypto::secret_key #include "crypto/crypto.h" // for definition of crypto::secret_key
#undef MONERO_DEFAULT_LOG_CATEGORY #undef MONERO_DEFAULT_LOG_CATEGORY

View file

@ -31,7 +31,6 @@
set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
set(wallet_sources set(wallet_sources
password_container.cpp
wallet2.cpp wallet2.cpp
wallet_args.cpp wallet_args.cpp
node_rpc_proxy.cpp node_rpc_proxy.cpp
@ -49,7 +48,6 @@ set(wallet_api_headers
set(wallet_private_headers set(wallet_private_headers
password_container.h
wallet2.h wallet2.h
wallet_args.h wallet_args.h
wallet_errors.h wallet_errors.h
@ -74,6 +72,7 @@ monero_add_library(wallet
${wallet_private_headers}) ${wallet_private_headers})
target_link_libraries(wallet target_link_libraries(wallet
PUBLIC PUBLIC
common
cryptonote_core cryptonote_core
mnemonics mnemonics
p2p p2p

View file

@ -1364,7 +1364,7 @@ bool WalletImpl::isNewWallet() const
bool WalletImpl::doInit(const string &daemon_address, uint64_t upper_transaction_size_limit) bool WalletImpl::doInit(const string &daemon_address, uint64_t upper_transaction_size_limit)
{ {
if (!m_wallet->init(daemon_address, upper_transaction_size_limit)) if (!m_wallet->init(daemon_address, boost::none, upper_transaction_size_limit))
return false; return false;
// in case new wallet, this will force fast-refresh (pulling hashes instead of blocks) // in case new wallet, this will force fast-refresh (pulling hashes instead of blocks)

View file

@ -48,7 +48,7 @@ namespace {
bool connect_and_invoke(const std::string& address, const std::string& path, const Request& request, Response& response) bool connect_and_invoke(const std::string& address, const std::string& path, const Request& request, Response& response)
{ {
epee::net_utils::http::http_simple_client client{}; epee::net_utils::http::http_simple_client client{};
return client.set_server(address) && epee::net_utils::invoke_http_json(path, request, response, client); return client.set_server(address, boost::none) && epee::net_utils::invoke_http_json(path, request, response, client);
} }
} }

View file

@ -108,6 +108,7 @@ struct options {
const command_line::arg_descriptor<std::string> password = {"password", tools::wallet2::tr("Wallet password"), "", true}; const command_line::arg_descriptor<std::string> password = {"password", tools::wallet2::tr("Wallet password"), "", true};
const command_line::arg_descriptor<std::string> password_file = {"password-file", tools::wallet2::tr("Wallet password file"), "", true}; const command_line::arg_descriptor<std::string> password_file = {"password-file", tools::wallet2::tr("Wallet password file"), "", true};
const command_line::arg_descriptor<int> daemon_port = {"daemon-port", tools::wallet2::tr("Use daemon instance at port <arg> instead of 18081"), 0}; const command_line::arg_descriptor<int> daemon_port = {"daemon-port", tools::wallet2::tr("Use daemon instance at port <arg> instead of 18081"), 0};
const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true};
const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false}; const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false};
const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false}; const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false};
}; };
@ -152,6 +153,18 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
return nullptr; return nullptr;
} }
boost::optional<epee::net_utils::http::login> login{};
if (command_line::has_arg(vm, opts.daemon_login))
{
auto parsed = tools::login::parse(
command_line::get_arg(vm, opts.daemon_login), false, "Daemon client password"
);
if (!parsed)
return nullptr;
login.emplace(std::move(parsed->username), std::move(parsed->password).password());
}
if (daemon_host.empty()) if (daemon_host.empty())
daemon_host = "localhost"; daemon_host = "localhost";
@ -164,7 +177,7 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port); daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(testnet, restricted)); std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(testnet, restricted));
wallet->init(std::move(daemon_address)); wallet->init(std::move(daemon_address), std::move(login));
return wallet; return wallet;
} }
@ -434,6 +447,7 @@ void wallet2::init_options(boost::program_options::options_description& desc_par
command_line::add_arg(desc_params, opts.password); command_line::add_arg(desc_params, opts.password);
command_line::add_arg(desc_params, opts.password_file); command_line::add_arg(desc_params, opts.password_file);
command_line::add_arg(desc_params, opts.daemon_port); command_line::add_arg(desc_params, opts.daemon_port);
command_line::add_arg(desc_params, opts.daemon_login);
command_line::add_arg(desc_params, opts.testnet); command_line::add_arg(desc_params, opts.testnet);
command_line::add_arg(desc_params, opts.restricted); command_line::add_arg(desc_params, opts.restricted);
} }
@ -485,11 +499,12 @@ std::pair<std::unique_ptr<wallet2>, password_container> wallet2::make_new(const
} }
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
bool wallet2::init(std::string daemon_address, uint64_t upper_transaction_size_limit) bool wallet2::init(std::string daemon_address, boost::optional<epee::net_utils::http::login> daemon_login, uint64_t upper_transaction_size_limit)
{ {
m_upper_transaction_size_limit = upper_transaction_size_limit; m_upper_transaction_size_limit = upper_transaction_size_limit;
m_daemon_address = std::move(daemon_address); m_daemon_address = std::move(daemon_address);
return m_http_client.set_server(get_daemon_address()); m_daemon_login = std::move(daemon_login);
return m_http_client.set_server(get_daemon_address(), get_daemon_login());
} }
//---------------------------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------------
bool wallet2::is_deterministic() const bool wallet2::is_deterministic() const

View file

@ -53,7 +53,7 @@
#include "ringct/rctOps.h" #include "ringct/rctOps.h"
#include "wallet_errors.h" #include "wallet_errors.h"
#include "password_container.h" #include "common/password.h"
#include "node_rpc_proxy.h" #include "node_rpc_proxy.h"
#include <iostream> #include <iostream>
@ -343,7 +343,8 @@ namespace tools
// into account the current median block size rather than // into account the current median block size rather than
// the minimum block size. // the minimum block size.
bool deinit(); bool deinit();
bool init(std::string daemon_address = "http://localhost:8080", uint64_t upper_transaction_size_limit = 0); bool init(std::string daemon_address = "http://localhost:8080",
boost::optional<epee::net_utils::http::login> daemon_login = boost::none, uint64_t upper_transaction_size_limit = 0);
void stop() { m_run.store(false, std::memory_order_relaxed); } void stop() { m_run.store(false, std::memory_order_relaxed); }
@ -527,6 +528,7 @@ namespace tools
std::string get_wallet_file() const; std::string get_wallet_file() const;
std::string get_keys_file() const; std::string get_keys_file() const;
std::string get_daemon_address() const; std::string get_daemon_address() const;
const boost::optional<epee::net_utils::http::login>& get_daemon_login() const { return m_daemon_login; }
uint64_t get_daemon_blockchain_height(std::string& err); uint64_t get_daemon_blockchain_height(std::string& err);
uint64_t get_daemon_blockchain_target_height(std::string& err); uint64_t get_daemon_blockchain_target_height(std::string& err);
/*! /*!
@ -619,6 +621,7 @@ namespace tools
crypto::public_key get_tx_pub_key_from_received_outs(const tools::wallet2::transfer_details &td) const; crypto::public_key get_tx_pub_key_from_received_outs(const tools::wallet2::transfer_details &td) const;
cryptonote::account_base m_account; cryptonote::account_base m_account;
boost::optional<epee::net_utils::http::login> m_daemon_login;
std::string m_daemon_address; std::string m_daemon_address;
std::string m_wallet_file; std::string m_wallet_file;
std::string m_keys_file; std::string m_keys_file;

View file

@ -45,6 +45,7 @@ using namespace epee;
#include "string_coding.h" #include "string_coding.h"
#include "string_tools.h" #include "string_tools.h"
#include "crypto/hash.h" #include "crypto/hash.h"
#include "rpc/rpc_args.h"
#undef MONERO_DEFAULT_LOG_CATEGORY #undef MONERO_DEFAULT_LOG_CATEGORY
#define MONERO_DEFAULT_LOG_CATEGORY "wallet.rpc" #define MONERO_DEFAULT_LOG_CATEGORY "wallet.rpc"
@ -52,10 +53,7 @@ using namespace epee;
namespace namespace
{ {
const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"}; const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"};
const command_line::arg_descriptor<std::string> arg_rpc_bind_ip = {"rpc-bind-ip", "Specify ip to bind rpc server", "127.0.0.1"}; const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"};
const command_line::arg_descriptor<std::string> arg_rpc_login = {"rpc-login", "Specify username[:password] required for RPC connection"};
const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC"};
const command_line::arg_descriptor<bool> arg_confirm_external_bind = {"confirm-external-bind", "Confirm rcp-bind-ip value is NOT a loopback (local) IP"};
constexpr const char default_rpc_username[] = "monero"; constexpr const char default_rpc_username[] = "monero";
} }
@ -107,75 +105,41 @@ namespace tools
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
bool wallet_rpc_server::init(const boost::program_options::variables_map& vm) bool wallet_rpc_server::init(const boost::program_options::variables_map& vm)
{ {
std::string bind_ip = command_line::get_arg(vm, arg_rpc_bind_ip); auto rpc_config = cryptonote::rpc_args::process(vm);
if (!bind_ip.empty()) if (!rpc_config)
{
// always parse IP here for error consistency
boost::system::error_code ec{};
const auto parsed_ip = boost::asio::ip::address::from_string(bind_ip, ec);
if (ec)
{
LOG_ERROR(tr("Invalid IP address given for rpc-bind-ip argument"));
return false; return false;
}
if (!parsed_ip.is_loopback() && !command_line::get_arg(vm, arg_confirm_external_bind))
{
LOG_ERROR(
tr("The rpc-bind-ip value is listening for unencrypted external connections. Consider SSH tunnel or SSL proxy instead. Override with --confirm-external-bind")
);
return false;
}
}
epee::net_utils::http::login login{};
boost::optional<epee::net_utils::http::login> http_login{};
std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
const bool disable_auth = command_line::get_arg(vm, arg_disable_rpc_login); const bool disable_auth = command_line::get_arg(vm, arg_disable_rpc_login);
const std::string user_pass = command_line::get_arg(vm, arg_rpc_login);
const std::string bind_port = command_line::get_arg(vm, arg_rpc_bind_port);
if (disable_auth) if (disable_auth)
{ {
if (!user_pass.empty()) if (rpc_config->login)
{ {
LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg_rpc_login.name); const cryptonote::rpc_args::descriptors arg{};
LOG_ERROR(tr("Cannot specify --") << arg_disable_rpc_login.name << tr(" and --") << arg.rpc_login.name);
return false; return false;
} }
} }
else // auth enabled else // auth enabled
{ {
if (user_pass.empty()) if (!rpc_config->login)
{ {
login.username = default_rpc_username;
std::array<std::uint8_t, 16> rand_128bit{{}}; std::array<std::uint8_t, 16> rand_128bit{{}};
crypto::rand(rand_128bit.size(), rand_128bit.data()); crypto::rand(rand_128bit.size(), rand_128bit.data());
login.password = string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size()); http_login.emplace(
} default_rpc_username,
else // user password string_encoding::base64_encode(rand_128bit.data(), rand_128bit.size())
{ );
const auto loc = user_pass.find(':');
login.username = user_pass.substr(0, loc);
if (loc != std::string::npos)
{
login.password = user_pass.substr(loc + 1);
} }
else else
{ {
login.password = tools::password_container::prompt(true, "RPC password").value_or( http_login.emplace(
tools::password_container{} std::move(rpc_config->login->username), std::move(rpc_config->login->password).password()
).password(); );
} }
assert(bool(http_login));
if (login.username.empty() || login.password.empty())
{
LOG_ERROR(tr("Blank username or password not permitted for RPC authenticaion"));
return false;
}
}
assert(!login.username.empty());
assert(!login.password.empty());
std::string temp = "monero-wallet-rpc." + bind_port + ".login"; std::string temp = "monero-wallet-rpc." + bind_port + ".login";
const auto cookie = tools::create_private_file(temp); const auto cookie = tools::create_private_file(temp);
@ -186,9 +150,9 @@ namespace tools
} }
rpc_login_filename.swap(temp); // nothrow guarantee destructor cleanup rpc_login_filename.swap(temp); // nothrow guarantee destructor cleanup
temp = rpc_login_filename; temp = rpc_login_filename;
std::fputs(login.username.c_str(), cookie.get()); std::fputs(http_login->username.c_str(), cookie.get());
std::fputc(':', cookie.get()); std::fputc(':', cookie.get());
std::fputs(login.password.c_str(), cookie.get()); std::fputs(http_login->password.c_str(), cookie.get());
std::fflush(cookie.get()); std::fflush(cookie.get());
if (std::ferror(cookie.get())) if (std::ferror(cookie.get()))
{ {
@ -200,7 +164,7 @@ namespace tools
m_net_server.set_threads_prefix("RPC"); m_net_server.set_threads_prefix("RPC");
return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init( return epee::http_server_impl_base<wallet_rpc_server, connection_context>::init(
std::move(bind_port), std::move(bind_ip), std::string{}, boost::make_optional(!disable_auth, std::move(login)) std::move(bind_port), std::move(rpc_config->bind_ip), std::move(http_login)
); );
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
@ -1410,14 +1374,13 @@ int main(int argc, char** argv) {
po::options_description desc_params(wallet_args::tr("Wallet options")); po::options_description desc_params(wallet_args::tr("Wallet options"));
tools::wallet2::init_options(desc_params); tools::wallet2::init_options(desc_params);
command_line::add_arg(desc_params, arg_rpc_bind_ip);
command_line::add_arg(desc_params, arg_rpc_bind_port); command_line::add_arg(desc_params, arg_rpc_bind_port);
command_line::add_arg(desc_params, arg_rpc_login);
command_line::add_arg(desc_params, arg_disable_rpc_login); command_line::add_arg(desc_params, arg_disable_rpc_login);
command_line::add_arg(desc_params, arg_confirm_external_bind); cryptonote::rpc_args::init_options(desc_params);
command_line::add_arg(desc_params, arg_wallet_file); command_line::add_arg(desc_params, arg_wallet_file);
command_line::add_arg(desc_params, arg_from_json); command_line::add_arg(desc_params, arg_from_json);
const auto vm = wallet_args::main( const auto vm = wallet_args::main(
argc, argv, argc, argv,
"monero-wallet-rpc [--wallet-file=<file>|--generate-from-json=<file>] [--rpc-bind-port=<port>]", "monero-wallet-rpc [--wallet-file=<file>|--generate-from-json=<file>] [--rpc-bind-port=<port>]",

View file

@ -159,7 +159,7 @@ bool transactions_flow_test(std::string& working_folder,
epee::net_utils::http::http_simple_client http_client; epee::net_utils::http::http_simple_client http_client;
COMMAND_RPC_STOP_MINING::request daemon1_req = AUTO_VAL_INIT(daemon1_req); COMMAND_RPC_STOP_MINING::request daemon1_req = AUTO_VAL_INIT(daemon1_req);
COMMAND_RPC_STOP_MINING::response daemon1_rsp = AUTO_VAL_INIT(daemon1_rsp); COMMAND_RPC_STOP_MINING::response daemon1_rsp = AUTO_VAL_INIT(daemon1_rsp);
bool r = http_client.set_server(daemon_addr_a) && net_utils::invoke_http_json("/stop_mine", daemon1_req, daemon1_rsp, http_client, std::chrono::seconds(10)); bool r = http_client.set_server(daemon_addr_a, boost::none) && net_utils::invoke_http_json("/stop_mine", daemon1_req, daemon1_rsp, http_client, std::chrono::seconds(10));
CHECK_AND_ASSERT_MES(r, false, "failed to stop mining"); CHECK_AND_ASSERT_MES(r, false, "failed to stop mining");
COMMAND_RPC_START_MINING::request daemon_req = AUTO_VAL_INIT(daemon_req); COMMAND_RPC_START_MINING::request daemon_req = AUTO_VAL_INIT(daemon_req);

View file

@ -42,7 +42,7 @@ set(unit_tests_sources
epee_levin_protocol_handler_async.cpp epee_levin_protocol_handler_async.cpp
fee.cpp fee.cpp
get_xtype_from_string.cpp get_xtype_from_string.cpp
http_auth.cpp http.cpp
main.cpp main.cpp
mnemonics.cpp mnemonics.cpp
mul_div.cpp mul_div.cpp

View file

@ -109,7 +109,7 @@ http::http_response_info make_response(const auth_responses& choices)
std::string out{" DIGEST "}; std::string out{" DIGEST "};
write_fields(out, choice); write_fields(out, choice);
response.m_additional_fields.push_back( response.m_header_info.m_etc_fields.push_back(
std::make_pair(u8"WWW-authenticate", std::move(out)) std::make_pair(u8"WWW-authenticate", std::move(out))
); );
} }
@ -510,7 +510,7 @@ TEST(HTTP_Server_Auth, MD5_sess_auth)
TEST(HTTP_Auth, DogFood) TEST(HTTP_Auth, DogFood)
{ {
const auto add_field = [] (http::http_request_info& request, http::http_client_auth& client) const auto add_auth_field = [] (http::http_request_info& request, http::http_client_auth& client)
{ {
auto field = client.get_auth_field(request.m_http_method_str, request.m_URI); auto field = client.get_auth_field(request.m_http_method_str, request.m_URI);
EXPECT_TRUE(bool(field)); EXPECT_TRUE(bool(field));
@ -529,19 +529,21 @@ TEST(HTTP_Auth, DogFood)
request.m_http_method_str = "GET"; request.m_http_method_str = "GET";
request.m_URI = "/FOO"; request.m_URI = "/FOO";
const auto response = server.get_response(request); auto response = server.get_response(request);
ASSERT_TRUE(bool(response)); ASSERT_TRUE(bool(response));
EXPECT_TRUE(is_unauthorized(*response)); EXPECT_TRUE(is_unauthorized(*response));
EXPECT_TRUE(response->m_header_info.m_etc_fields.empty());
response->m_header_info.m_etc_fields = response->m_additional_fields;
EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response)); EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response));
EXPECT_TRUE(add_field(request, client)); EXPECT_TRUE(add_auth_field(request, client));
EXPECT_FALSE(bool(server.get_response(request))); EXPECT_FALSE(bool(server.get_response(request)));
for (unsigned i = 0; i < 1000; ++i) for (unsigned i = 0; i < 1000; ++i)
{ {
request.m_http_method_str += std::to_string(i); request.m_http_method_str += std::to_string(i);
request.m_header_info.m_etc_fields.clear(); request.m_header_info.m_etc_fields.clear();
EXPECT_TRUE(add_field(request, client)); EXPECT_TRUE(add_auth_field(request, client));
EXPECT_FALSE(bool(server.get_response(request))); EXPECT_FALSE(bool(server.get_response(request)));
} }
@ -549,11 +551,13 @@ TEST(HTTP_Auth, DogFood)
request.m_header_info.m_etc_fields.clear(); request.m_header_info.m_etc_fields.clear();
client = http::http_client_auth{user}; client = http::http_client_auth{user};
EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response)); EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response));
EXPECT_TRUE(add_field(request, client)); EXPECT_TRUE(add_auth_field(request, client));
const auto response2 = server.get_response(request); auto response2 = server.get_response(request);
ASSERT_TRUE(bool(response2)); ASSERT_TRUE(bool(response2));
EXPECT_TRUE(is_unauthorized(*response2)); EXPECT_TRUE(is_unauthorized(*response2));
EXPECT_TRUE(response2->m_header_info.m_etc_fields.empty());
response2->m_header_info.m_etc_fields = response2->m_additional_fields;
const auth_responses parsed1 = parse_response(*response); const auth_responses parsed1 = parse_response(*response);
const auth_responses parsed2 = parse_response(*response2); const auth_responses parsed2 = parse_response(*response2);
@ -564,7 +568,7 @@ TEST(HTTP_Auth, DogFood)
// with stale=true client should reset // with stale=true client should reset
request.m_header_info.m_etc_fields.clear(); request.m_header_info.m_etc_fields.clear();
EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response2)); EXPECT_EQ(http::http_client_auth::kSuccess, client.handle_401(*response2));
EXPECT_TRUE(add_field(request, client)); EXPECT_TRUE(add_auth_field(request, client));
EXPECT_FALSE(bool(server.get_response(request))); EXPECT_FALSE(bool(server.get_response(request)));
// client should give up if stale=false // client should give up if stale=false
@ -654,7 +658,7 @@ TEST(HTTP_Client_Auth, MD5)
EXPECT_EQ(http::http_client_auth::kBadPassword, auth.handle_401(response)); EXPECT_EQ(http::http_client_auth::kBadPassword, auth.handle_401(response));
response.m_additional_fields.front().second.append(u8"," + write_fields({{u8"stale", u8"TRUE"}})); response.m_header_info.m_etc_fields.front().second.append(u8"," + write_fields({{u8"stale", u8"TRUE"}}));
EXPECT_EQ(http::http_client_auth::kSuccess, auth.handle_401(response)); EXPECT_EQ(http::http_client_auth::kSuccess, auth.handle_401(response));
} }
@ -718,7 +722,17 @@ TEST(HTTP_Client_Auth, MD5_auth)
} }
EXPECT_EQ(http::http_client_auth::kBadPassword, auth.handle_401(response)); EXPECT_EQ(http::http_client_auth::kBadPassword, auth.handle_401(response));
response.m_additional_fields.back().second.append(u8"," + write_fields({{u8"stale", u8"trUe"}})); response.m_header_info.m_etc_fields.back().second.append(u8"," + write_fields({{u8"stale", u8"trUe"}}));
EXPECT_EQ(http::http_client_auth::kSuccess, auth.handle_401(response)); EXPECT_EQ(http::http_client_auth::kSuccess, auth.handle_401(response));
} }
TEST(HTTP, Add_Field)
{
std::string str{"leading text"};
epee::net_utils::http::add_field(str, "foo", "bar");
epee::net_utils::http::add_field(str, std::string("bar"), std::string("foo"));
epee::net_utils::http::add_field(str, {"moarbars", "moarfoo"});
EXPECT_STREQ("leading textfoo: bar\r\nbar: foo\r\nmoarbars: moarfoo\r\n", str.c_str());
}