epee: optionally restrict HTTP service to a configurable user agent

This is intended to catch traffic coming from a web browser,
so we avoid issues with a web page sending a transfer RPC to
the wallet. Requiring a particular user agent can act as a
simple password scheme, while we wait for 0MQ and proper
authentication to be merged.
moneromooo-monero 2016-09-07 21:38:41 +01:00
parent 68e6678ab7
commit eeb2bbc0fc
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
19 changed files with 60 additions and 18 deletions


@ -34,10 +34,11 @@ namespace daemonize {
t_command_parser_executor::t_command_parser_executor(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
: m_executor(ip, port, is_rpc, rpc_server)
: m_executor(ip, port, user_agent, is_rpc, rpc_server)
{}
bool t_command_parser_executor::print_peer_list(const std::vector<std::string>& args)


@ -49,6 +49,7 @@ public:
t_command_parser_executor(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server = NULL
);


@ -37,10 +37,11 @@ namespace p = std::placeholders;
t_command_server::t_command_server(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)
: m_parser(ip, port, is_rpc, rpc_server)
: m_parser(ip, port, user_agent, is_rpc, rpc_server)
, m_command_lookup()
, m_is_rpc(is_rpc)
{


@ -54,6 +54,7 @@ public:
t_command_server(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);


@ -124,7 +124,7 @@ bool t_daemon::run(bool interactive)
if (interactive)
{
rpc_commands = new daemonize::t_command_server(0, 0, false, mp_internals->rpc.get_server());
rpc_commands = new daemonize::t_command_server(0, 0, "", false, mp_internals->rpc.get_server());
rpc_commands->start_handling(std::bind(&daemonize::t_daemon::stop_p2p, this));
}
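Review bot: The bare `""` passed as the new third argument in `t_daemon::run` gives no hint of what an empty user agent means to the callee. With `is_rpc` set to false the executor presumably talks to `rpc_server` in-process and never builds an HTTP request, but that is inferred and not shown in this hunk. A short comment on the call, such as `// in-process executor: no HTTP request is made, so no user agent is needed`, would make the intent explicit and stop a later reader from treating the empty string as a missing credential. The body of `t_daemon::run` starts and ends outside the hunk.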


@ -208,6 +208,7 @@ int main(int argc, char const * argv[])
{
rpc_port_str = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_testnet_rpc_bind_port);
}
auto user_agent = command_line::get_arg(vm, cryptonote::core_rpc_server::arg_user_agent);
uint32_t rpc_ip;
uint16_t rpc_port;
@ -222,7 +223,7 @@ int main(int argc, char const * argv[])
return 1;
}
daemonize::t_command_server rpc_commands{rpc_ip, rpc_port};
daemonize::t_command_server rpc_commands{rpc_ip, rpc_port, user_agent};
if (rpc_commands.process_command_vec(command))
{
return 0;
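Review bot: The value read into `user_agent` in the first hunk is what the commit message describes as a simple password, yet it arrives through a command-line option, so on a shared host it may be readable by other local users from the process listing. Whether `arg_user_agent` can also be supplied from a config file is not visible here; if it can, the option's help text should point users to that route. I would add a comment above the `get_arg` line, `// user agent doubles as a shared secret for the RPC server; argv is visible to other local users`, and keep the value out of any log output. It is presumably also sent as a plain HTTP header, so it should be documented as a browser filter, not as authentication. main's body starts and ends outside both hunks.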


@ -92,6 +92,7 @@ namespace {
t_rpc_command_executor::t_rpc_command_executor(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc
, cryptonote::core_rpc_server* rpc_server
)


@ -57,6 +57,7 @@ public:
t_rpc_command_executor(
uint32_t ip
, uint16_t port
, const std::string &user_agent
, bool is_rpc = true
, cryptonote::core_rpc_server* rpc_server = NULL
);