From 24d500ce8e27eade6e591f83e1381be62134e151 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Sun, 11 Jan 2015 11:06:35 +0000
Subject: [PATCH] Add a --restricted-rpc flag to simplewallet It restricts RPC to a subset of "view only" commands. Kind of like a poor man's view key replacement.
---
 src/simplewallet/simplewallet.cpp | 5 +++-
 src/wallet/wallet2.h | 4 +++-
 src/wallet/wallet_rpc_server.cpp | 28 ++++++++++++++++++++++
 src/wallet/wallet_rpc_server_error_codes.h | 1 +
 4 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index 6f3874981..ae61871dc 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -81,6 +81,7 @@ namespace
 const command_line::arg_descriptor arg_daemon_port = {"daemon-port", "Use daemon instance at port instead of 8081", 0};
 const command_line::arg_descriptor arg_log_level = {"set_log", "", 0, true};
 const command_line::arg_descriptor arg_testnet = {"testnet", "Used to deploy test nets. The daemon must be launched with --testnet flag", false};
+ const command_line::arg_descriptor arg_restricted = {"restricted-rpc", "Restricts RPC to view only commands", false};
 const command_line::arg_descriptor< std::vector > arg_command = {"command", ""};
@@ -1336,6 +1337,7 @@ int main(int argc, char* argv[])
 command_line::add_arg(desc_params, arg_non_deterministic );
 command_line::add_arg(desc_params, arg_electrum_seed );
 command_line::add_arg(desc_params, arg_testnet);
+ command_line::add_arg(desc_params, arg_restricted);
 tools::wallet_rpc_server::init_options(desc_params);
 po::positional_options_description positional_options;
@@ -1406,6 +1408,7 @@ int main(int argc, char* argv[])
 }
 bool testnet = command_line::get_arg(vm, arg_testnet);
+ bool restricted = command_line::get_arg(vm, arg_restricted);
 std::string wallet_file = command_line::get_arg(vm, arg_wallet_file);
 std::string wallet_password = command_line::get_arg(vm, arg_password);
 std::string daemon_address = command_line::get_arg(vm, arg_daemon_address);
@@ -1418,7 +1421,7 @@ int main(int argc, char* argv[])
 if (daemon_address.empty())
 daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
- tools::wallet2 wal(testnet);
+ tools::wallet2 wal(testnet,restricted);
 try
 {
 LOG_PRINT_L0("Loading wallet...");
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 073fff58b..314d8f4af 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -82,7 +82,7 @@ namespace tools
 {
 wallet2(const wallet2&) : m_run(true), m_callback(0), m_testnet(false) {};
 public:
- wallet2(bool testnet = false) : m_run(true), m_callback(0), m_testnet(testnet), is_old_file_format(false) {};
+ wallet2(bool testnet = false, bool restricted = false) : m_run(true), m_callback(0), m_testnet(testnet), m_restricted(restricted), is_old_file_format(false) {};
 struct transfer_details
 {
 uint64_t m_block_height;
@@ -196,6 +196,7 @@ namespace tools
 bool refresh(size_t & blocks_fetched, bool& received_money, bool& ok);
 bool testnet() { return m_testnet; }
+ bool restricted() const { return m_restricted; }
 uint64_t balance();
 uint64_t unlocked_balance();
@@ -296,6 +297,7 @@ namespace tools
 i_wallet2_callback* m_callback;
 bool m_testnet;
+ bool m_restricted;
 std::string seed_language; /*!< Language of the mnemonics (seed). */
 bool is_old_file_format; /*!< Whether the wallet file is of an old file format */
 };
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index d7b3f8434..be20f05de 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
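Review bot: In wallet2.h, the private copy constructor shown as context just above `public:` still stops at `m_testnet(false) {}` and does not initialise the new `m_restricted`, so a wallet2 built through it would return an indeterminate value from restricted(). It looks like it exists only to block copying, but because it has a body it remains callable from members and friends. Adding `m_restricted(false)` to its initialiser list, or declaring it without a body, keeps the flag from ever being read uninitialised. The class body starts and ends outside this hunk.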
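Review bot: In wallet2.h, `bool m_restricted;` is added without a comment, unlike the two members below it, and nothing in this patch makes wallet2 itself act on the flag; the only readers visible are the wallet_rpc_server handlers. State that at the declaration, for example `bool m_restricted; /*!< RPC policy flag read by wallet_rpc_server; wallet2 methods do not enforce it */`, so that nobody treats a restricted wallet2 object as unable to spend or export keys. The rest of the class is outside the hunk.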
@@ -167,6 +167,13 @@ namespace tools
 std::vector dsts;
 std::vector extra;
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
 // validate the transfer requested and populate dsts & extra
 if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
 {
@@ -218,6 +225,13 @@ namespace tools
 std::vector dsts;
 std::vector extra;
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
 // validate the transfer requested and populate dsts & extra; RPC_TRANSFER::request and RPC_TRANSFER_SPLIT::request are identical types.
 if (!validate_transfer(req.destinations, req.payment_id, dsts, extra, er))
 {
@@ -261,6 +275,13 @@ namespace tools
 //------------------------------------------------------------------------------------------------------------------------------
 bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er, connection_context& cntx)
 {
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
 try
 {
 m_wallet.store();
@@ -409,6 +430,13 @@ namespace tools
 //------------------------------------------------------------------------------------------------------------------------------
 bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er, connection_context& cntx)
 {
+ if (m_wallet.restricted())
+ {
+ er.code = WALLET_RPC_ERROR_CODE_DENIED;
+ er.message = "Command unavailable in restricted mode.";
+ return false;
+ }
+
 if (req.key_type.compare("mnemonic") == 0)
 {
 if (!m_wallet.get_seed(res.key))
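Review bot: The restricted-mode check is opt-in per handler, so it fails open: the block added in the first hunk is pasted again into the next three (the second validate_transfer caller, on_store and on_query_key), and a handler that lacks the copy stays callable under --restricted-rpc. Handlers outside these hunks are not visible here, so each remaining one should be confirmed read-only. Putting the test in one file-local helper leaves a single place to audit and keeps the error code and message identical; each handler then starts with the two-line call shown below. The helper assumes m_wallet is the tools::wallet2 extended by this patch, and the handler bodies begin and end outside the hunks.

```cpp
// Single restricted-mode gate: fills `er` and returns true when the request must be refused.
static bool deny_if_restricted(const tools::wallet2& wallet, epee::json_rpc::error& er)
{
  if (!wallet.restricted())
    return false;
  er.code = WALLET_RPC_ERROR_CODE_DENIED;
  er.message = "Command unavailable in restricted mode.";
  return true;
}

// … unchanged: handler signature and locals …
if (deny_if_restricted(m_wallet, er))
  return false;
// … unchanged: validate_transfer call and the rest of the handler …
```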
diff --git a/src/wallet/wallet_rpc_server_error_codes.h b/src/wallet/wallet_rpc_server_error_codes.h
index 28df1acf2..28642c19d 100644
--- a/src/wallet/wallet_rpc_server_error_codes.h
+++ b/src/wallet/wallet_rpc_server_error_codes.h
@@ -37,3 +37,4 @@
 #define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4
 #define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5
 #define WALLET_RPC_ERROR_CODE_TRANSFER_TYPE -6
+#define WALLET_RPC_ERROR_CODE_DENIED -7