From 9f8bc4946b3993ad4437936dcae705d2c8f1116a Mon Sep 17 00:00:00 2001 From: osensei Date: Sat, 14 May 2016 03:06:04 -0300 Subject: [PATCH 1/2] Don't allow 'flush_txpool' and 'setbans' JSON_RPC methods when running in restricted mode. --- contrib/epee/include/net/http_server_handlers_map2.h | 6 ++++-- src/rpc/core_rpc_server.h | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/contrib/epee/include/net/http_server_handlers_map2.h b/contrib/epee/include/net/http_server_handlers_map2.h index a822cce3..3a7d5333 100644 --- a/contrib/epee/include/net/http_server_handlers_map2.h +++ b/contrib/epee/include/net/http_server_handlers_map2.h @@ -168,8 +168,8 @@ response_info.m_header_info.m_content_type = " application/json"; \ LOG_PRINT( query_info.m_URI << "[" << method_name << "] processed with " << ticks1-ticks << "/"<< ticks2-ticks1 << "/" << ticks3-ticks2 << "ms", LOG_LEVEL_2); -#define MAP_JON_RPC_WE(method_name, callback_f, command_type) \ - else if(callback_name == method_name) \ +#define MAP_JON_RPC_WE_IF(method_name, callback_f, command_type, cond) \ + else if((callback_name == method_name) && (cond)) \ { \ PREPARE_OBJECTS_FROM_JSON(command_type) \ epee::json_rpc::error_response fail_resp = AUTO_VAL_INIT(fail_resp); \ @@ -184,6 +184,8 @@ return true;\ } +#define MAP_JON_RPC_WE(method_name, callback_f, command_type) MAP_JON_RPC_WE_IF(method_name, callback_f, command_type, true) + #define MAP_JON_RPC_WERI(method_name, callback_f, command_type) \ else if(callback_name == method_name) \ { \ diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h index 4bed148f..c6579c0c 100644 --- a/src/rpc/core_rpc_server.h +++ b/src/rpc/core_rpc_server.h @@ -107,9 +107,9 @@ namespace cryptonote MAP_JON_RPC_WE("get_connections", on_get_connections, COMMAND_RPC_GET_CONNECTIONS) MAP_JON_RPC_WE("get_info", on_get_info_json, COMMAND_RPC_GET_INFO) MAP_JON_RPC_WE("hard_fork_info", on_hard_fork_info, COMMAND_RPC_HARD_FORK_INFO) - MAP_JON_RPC_WE("setbans", on_set_bans, COMMAND_RPC_SETBANS) + MAP_JON_RPC_WE_IF("setbans", on_set_bans, COMMAND_RPC_SETBANS, !m_restricted) MAP_JON_RPC_WE("getbans", on_get_bans, COMMAND_RPC_GETBANS) - MAP_JON_RPC_WE("flush_txpool", on_flush_txpool, COMMAND_RPC_FLUSH_TRANSACTION_POOL) + MAP_JON_RPC_WE_IF("flush_txpool", on_flush_txpool, COMMAND_RPC_FLUSH_TRANSACTION_POOL, !m_restricted) MAP_JON_RPC_WE("get_output_histogram", on_get_output_histogram, COMMAND_RPC_GET_OUTPUT_HISTOGRAM) END_JSON_RPC_MAP() END_URI_MAP2() From 1c0bffb5f0c9b60a4314c22d6689e287227bd423 Mon Sep 17 00:00:00 2001 From: osensei Date: Mon, 16 May 2016 08:34:15 -0300 Subject: [PATCH 2/2] Restrict also 'get_connections' and 'getbans' APIs. --- src/rpc/core_rpc_server.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rpc/core_rpc_server.h b/src/rpc/core_rpc_server.h index c6579c0c..a7a54b59 100644 --- a/src/rpc/core_rpc_server.h +++ b/src/rpc/core_rpc_server.h @@ -104,11 +104,11 @@ namespace cryptonote MAP_JON_RPC_WE("getblockheaderbyhash", on_get_block_header_by_hash, COMMAND_RPC_GET_BLOCK_HEADER_BY_HASH) MAP_JON_RPC_WE("getblockheaderbyheight", on_get_block_header_by_height, COMMAND_RPC_GET_BLOCK_HEADER_BY_HEIGHT) MAP_JON_RPC_WE("getblock", on_get_block, COMMAND_RPC_GET_BLOCK) - MAP_JON_RPC_WE("get_connections", on_get_connections, COMMAND_RPC_GET_CONNECTIONS) + MAP_JON_RPC_WE_IF("get_connections", on_get_connections, COMMAND_RPC_GET_CONNECTIONS, !m_restricted) MAP_JON_RPC_WE("get_info", on_get_info_json, COMMAND_RPC_GET_INFO) MAP_JON_RPC_WE("hard_fork_info", on_hard_fork_info, COMMAND_RPC_HARD_FORK_INFO) MAP_JON_RPC_WE_IF("setbans", on_set_bans, COMMAND_RPC_SETBANS, !m_restricted) - MAP_JON_RPC_WE("getbans", on_get_bans, COMMAND_RPC_GETBANS) + MAP_JON_RPC_WE_IF("getbans", on_get_bans, COMMAND_RPC_GETBANS, !m_restricted) MAP_JON_RPC_WE_IF("flush_txpool", on_flush_txpool, COMMAND_RPC_FLUSH_TRANSACTION_POOL, !m_restricted) MAP_JON_RPC_WE("get_output_histogram", on_get_output_histogram, COMMAND_RPC_GET_OUTPUT_HISTOGRAM) END_JSON_RPC_MAP()