wallet2: make --restricted-rpc available for wallet RPC only

This commit is contained in:
stoffu 2018-07-30 14:38:55 +09:00
parent 4d66939791
commit a64f57fe42
No known key found for this signature in database
GPG Key ID: 41DAB8343A9EC012
8 changed files with 48 additions and 51 deletions

View File

@ -366,7 +366,7 @@ void Wallet::error(const std::string &category, const std::string &str) {
} }
///////////////////////// WalletImpl implementation //////////////////////// ///////////////////////// WalletImpl implementation ////////////////////////
WalletImpl::WalletImpl(NetworkType nettype, bool restricted, uint64_t kdf_rounds) WalletImpl::WalletImpl(NetworkType nettype, uint64_t kdf_rounds)
:m_wallet(nullptr) :m_wallet(nullptr)
, m_status(Wallet::Status_Ok) , m_status(Wallet::Status_Ok)
, m_trustedDaemon(false) , m_trustedDaemon(false)
@ -377,7 +377,7 @@ WalletImpl::WalletImpl(NetworkType nettype, bool restricted, uint64_t kdf_rounds
, m_rebuildWalletCache(false) , m_rebuildWalletCache(false)
, m_is_connected(false) , m_is_connected(false)
{ {
m_wallet = new tools::wallet2(static_cast<cryptonote::network_type>(nettype), restricted, kdf_rounds); m_wallet = new tools::wallet2(static_cast<cryptonote::network_type>(nettype), kdf_rounds);
m_history = new TransactionHistoryImpl(this); m_history = new TransactionHistoryImpl(this);
m_wallet2Callback = new Wallet2CallbackImpl(this); m_wallet2Callback = new Wallet2CallbackImpl(this);
m_wallet->callback(m_wallet2Callback); m_wallet->callback(m_wallet2Callback);

View File

@ -52,7 +52,7 @@ struct Wallet2CallbackImpl;
class WalletImpl : public Wallet class WalletImpl : public Wallet
{ {
public: public:
WalletImpl(NetworkType nettype = MAINNET, bool restricted = false, uint64_t kdf_rounds = 1); WalletImpl(NetworkType nettype = MAINNET, uint64_t kdf_rounds = 1);
~WalletImpl(); ~WalletImpl();
bool create(const std::string &path, const std::string &password, bool create(const std::string &path, const std::string &password,
const std::string &language); const std::string &language);

View File

@ -52,14 +52,14 @@ namespace Monero {
Wallet *WalletManagerImpl::createWallet(const std::string &path, const std::string &password, Wallet *WalletManagerImpl::createWallet(const std::string &path, const std::string &password,
const std::string &language, NetworkType nettype, uint64_t kdf_rounds) const std::string &language, NetworkType nettype, uint64_t kdf_rounds)
{ {
WalletImpl * wallet = new WalletImpl(nettype, false, kdf_rounds); WalletImpl * wallet = new WalletImpl(nettype, kdf_rounds);
wallet->create(path, password, language); wallet->create(path, password, language);
return wallet; return wallet;
} }
Wallet *WalletManagerImpl::openWallet(const std::string &path, const std::string &password, NetworkType nettype, uint64_t kdf_rounds) Wallet *WalletManagerImpl::openWallet(const std::string &path, const std::string &password, NetworkType nettype, uint64_t kdf_rounds)
{ {
WalletImpl * wallet = new WalletImpl(nettype, false, kdf_rounds); WalletImpl * wallet = new WalletImpl(nettype, kdf_rounds);
wallet->open(path, password); wallet->open(path, password);
//Refresh addressBook //Refresh addressBook
wallet->addressBook()->refresh(); wallet->addressBook()->refresh();
@ -90,7 +90,7 @@ Wallet *WalletManagerImpl::recoveryWallet(const std::string &path,
uint64_t restoreHeight, uint64_t restoreHeight,
uint64_t kdf_rounds) uint64_t kdf_rounds)
{ {
WalletImpl * wallet = new WalletImpl(nettype, false, kdf_rounds); WalletImpl * wallet = new WalletImpl(nettype, kdf_rounds);
if(restoreHeight > 0){ if(restoreHeight > 0){
wallet->setRefreshFromBlockHeight(restoreHeight); wallet->setRefreshFromBlockHeight(restoreHeight);
} }
@ -108,7 +108,7 @@ Wallet *WalletManagerImpl::createWalletFromKeys(const std::string &path,
const std::string &spendKeyString, const std::string &spendKeyString,
uint64_t kdf_rounds) uint64_t kdf_rounds)
{ {
WalletImpl * wallet = new WalletImpl(nettype, false, kdf_rounds); WalletImpl * wallet = new WalletImpl(nettype, kdf_rounds);
if(restoreHeight > 0){ if(restoreHeight > 0){
wallet->setRefreshFromBlockHeight(restoreHeight); wallet->setRefreshFromBlockHeight(restoreHeight);
} }
@ -124,7 +124,7 @@ Wallet *WalletManagerImpl::createWalletFromDevice(const std::string &path,
const std::string &subaddressLookahead, const std::string &subaddressLookahead,
uint64_t kdf_rounds) uint64_t kdf_rounds)
{ {
WalletImpl * wallet = new WalletImpl(nettype, false, kdf_rounds); WalletImpl * wallet = new WalletImpl(nettype, kdf_rounds);
if(restoreHeight > 0){ if(restoreHeight > 0){
wallet->setRefreshFromBlockHeight(restoreHeight); wallet->setRefreshFromBlockHeight(restoreHeight);
} }

View File

@ -147,7 +147,6 @@ struct options {
const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true}; const command_line::arg_descriptor<std::string> daemon_login = {"daemon-login", tools::wallet2::tr("Specify username[:password] for daemon RPC client"), "", true};
const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false}; const command_line::arg_descriptor<bool> testnet = {"testnet", tools::wallet2::tr("For testnet. Daemon must also be launched with --testnet flag"), false};
const command_line::arg_descriptor<bool> stagenet = {"stagenet", tools::wallet2::tr("For stagenet. Daemon must also be launched with --stagenet flag"), false}; const command_line::arg_descriptor<bool> stagenet = {"stagenet", tools::wallet2::tr("For stagenet. Daemon must also be launched with --stagenet flag"), false};
const command_line::arg_descriptor<bool> restricted = {"restricted-rpc", tools::wallet2::tr("Restricts to view-only commands"), false};
const command_line::arg_descriptor<std::string, false, true, 2> shared_ringdb_dir = { const command_line::arg_descriptor<std::string, false, true, 2> shared_ringdb_dir = {
"shared-ringdb-dir", tools::wallet2::tr("Set shared ring database path"), "shared-ringdb-dir", tools::wallet2::tr("Set shared ring database path"),
get_default_ringdb_path(), get_default_ringdb_path(),
@ -203,7 +202,6 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
const bool testnet = command_line::get_arg(vm, opts.testnet); const bool testnet = command_line::get_arg(vm, opts.testnet);
const bool stagenet = command_line::get_arg(vm, opts.stagenet); const bool stagenet = command_line::get_arg(vm, opts.stagenet);
const network_type nettype = testnet ? TESTNET : stagenet ? STAGENET : MAINNET; const network_type nettype = testnet ? TESTNET : stagenet ? STAGENET : MAINNET;
const bool restricted = command_line::get_arg(vm, opts.restricted);
const uint64_t kdf_rounds = command_line::get_arg(vm, opts.kdf_rounds); const uint64_t kdf_rounds = command_line::get_arg(vm, opts.kdf_rounds);
THROW_WALLET_EXCEPTION_IF(kdf_rounds == 0, tools::error::wallet_internal_error, "KDF rounds must not be 0"); THROW_WALLET_EXCEPTION_IF(kdf_rounds == 0, tools::error::wallet_internal_error, "KDF rounds must not be 0");
@ -239,7 +237,7 @@ std::unique_ptr<tools::wallet2> make_basic(const boost::program_options::variabl
if (daemon_address.empty()) if (daemon_address.empty())
daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port); daemon_address = std::string("http://") + daemon_host + ":" + std::to_string(daemon_port);
std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(nettype, restricted, kdf_rounds)); std::unique_ptr<tools::wallet2> wallet(new tools::wallet2(nettype, kdf_rounds));
wallet->init(std::move(daemon_address), std::move(login)); wallet->init(std::move(daemon_address), std::move(login));
boost::filesystem::path ringdb_path = command_line::get_arg(vm, opts.shared_ringdb_dir); boost::filesystem::path ringdb_path = command_line::get_arg(vm, opts.shared_ringdb_dir);
wallet->set_ring_database(ringdb_path.string()); wallet->set_ring_database(ringdb_path.string());
@ -650,7 +648,7 @@ const size_t MAX_SPLIT_ATTEMPTS = 30;
constexpr const std::chrono::seconds wallet2::rpc_timeout; constexpr const std::chrono::seconds wallet2::rpc_timeout;
const char* wallet2::tr(const char* str) { return i18n_translate(str, "tools::wallet2"); } const char* wallet2::tr(const char* str) { return i18n_translate(str, "tools::wallet2"); }
wallet2::wallet2(network_type nettype, bool restricted, uint64_t kdf_rounds): wallet2::wallet2(network_type nettype, uint64_t kdf_rounds):
m_multisig_rescan_info(NULL), m_multisig_rescan_info(NULL),
m_multisig_rescan_k(NULL), m_multisig_rescan_k(NULL),
m_run(true), m_run(true),
@ -681,7 +679,6 @@ wallet2::wallet2(network_type nettype, bool restricted, uint64_t kdf_rounds):
m_segregation_height(0), m_segregation_height(0),
m_ignore_fractional_outputs(true), m_ignore_fractional_outputs(true),
m_is_initialized(false), m_is_initialized(false),
m_restricted(restricted),
m_kdf_rounds(kdf_rounds), m_kdf_rounds(kdf_rounds),
is_old_file_format(false), is_old_file_format(false),
m_node_rpc_proxy(m_http_client, m_daemon_rpc_mutex), m_node_rpc_proxy(m_http_client, m_daemon_rpc_mutex),
@ -725,7 +722,6 @@ void wallet2::init_options(boost::program_options::options_description& desc_par
command_line::add_arg(desc_params, opts.daemon_login); command_line::add_arg(desc_params, opts.daemon_login);
command_line::add_arg(desc_params, opts.testnet); command_line::add_arg(desc_params, opts.testnet);
command_line::add_arg(desc_params, opts.stagenet); command_line::add_arg(desc_params, opts.stagenet);
command_line::add_arg(desc_params, opts.restricted);
command_line::add_arg(desc_params, opts.shared_ringdb_dir); command_line::add_arg(desc_params, opts.shared_ringdb_dir);
command_line::add_arg(desc_params, opts.kdf_rounds); command_line::add_arg(desc_params, opts.kdf_rounds);
} }

View File

@ -167,7 +167,7 @@ namespace tools
static bool verify_password(const std::string& keys_file_name, const epee::wipeable_string& password, bool no_spend_key, hw::device &hwdev, uint64_t kdf_rounds); static bool verify_password(const std::string& keys_file_name, const epee::wipeable_string& password, bool no_spend_key, hw::device &hwdev, uint64_t kdf_rounds);
wallet2(cryptonote::network_type nettype = cryptonote::MAINNET, bool restricted = false, uint64_t kdf_rounds = 1); wallet2(cryptonote::network_type nettype = cryptonote::MAINNET, uint64_t kdf_rounds = 1);
~wallet2(); ~wallet2();
struct multisig_info struct multisig_info
@ -687,7 +687,6 @@ namespace tools
RefreshType get_refresh_type() const { return m_refresh_type; } RefreshType get_refresh_type() const { return m_refresh_type; }
cryptonote::network_type nettype() const { return m_nettype; } cryptonote::network_type nettype() const { return m_nettype; }
bool restricted() const { return m_restricted; }
bool watch_only() const { return m_watch_only; } bool watch_only() const { return m_watch_only; }
bool multisig(bool *ready = NULL, uint32_t *threshold = NULL, uint32_t *total = NULL) const; bool multisig(bool *ready = NULL, uint32_t *threshold = NULL, uint32_t *total = NULL) const;
bool has_multisig_partial_key_images() const; bool has_multisig_partial_key_images() const;
@ -1259,7 +1258,6 @@ namespace tools
i_wallet2_callback* m_callback; i_wallet2_callback* m_callback;
bool m_key_on_device; bool m_key_on_device;
cryptonote::network_type m_nettype; cryptonote::network_type m_nettype;
bool m_restricted;
uint64_t m_kdf_rounds; uint64_t m_kdf_rounds;
std::string seed_language; /*!< Language of the mnemonics (seed). */ std::string seed_language; /*!< Language of the mnemonics (seed). */
bool is_old_file_format; /*!< Whether the wallet file is of an old file format */ bool is_old_file_format; /*!< Whether the wallet file is of an old file format */

View File

@ -60,6 +60,7 @@ namespace
const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"}; const command_line::arg_descriptor<std::string, true> arg_rpc_bind_port = {"rpc-bind-port", "Sets bind port for server"};
const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"}; const command_line::arg_descriptor<bool> arg_disable_rpc_login = {"disable-rpc-login", "Disable HTTP authentication for RPC connections served by this process"};
const command_line::arg_descriptor<bool> arg_trusted_daemon = {"trusted-daemon", "Enable commands which rely on a trusted daemon", false}; const command_line::arg_descriptor<bool> arg_trusted_daemon = {"trusted-daemon", "Enable commands which rely on a trusted daemon", false};
const command_line::arg_descriptor<bool> arg_restricted = {"restricted-rpc", "Restricts to view-only commands", false};
const command_line::arg_descriptor<std::string> arg_wallet_dir = {"wallet-dir", "Directory for newly created wallets"}; const command_line::arg_descriptor<std::string> arg_wallet_dir = {"wallet-dir", "Directory for newly created wallets"};
const command_line::arg_descriptor<bool> arg_prompt_for_password = {"prompt-for-password", "Prompts for password when not provided", false}; const command_line::arg_descriptor<bool> arg_prompt_for_password = {"prompt-for-password", "Prompts for password when not provided", false};
@ -99,7 +100,7 @@ namespace tools
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
wallet_rpc_server::wallet_rpc_server():m_wallet(NULL), rpc_login_file(), m_stop(false), m_trusted_daemon(false), m_vm(NULL) wallet_rpc_server::wallet_rpc_server():m_wallet(NULL), rpc_login_file(), m_stop(false), m_trusted_daemon(false), m_restricted(false), m_vm(NULL)
{ {
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
@ -177,6 +178,7 @@ namespace tools
m_trusted_daemon = true; m_trusted_daemon = true;
} }
} }
m_restricted = command_line::get_arg(*m_vm, arg_restricted);
if (command_line::has_arg(*m_vm, arg_wallet_dir)) if (command_line::has_arg(*m_vm, arg_wallet_dir))
{ {
m_wallet_dir = command_line::get_arg(*m_vm, arg_wallet_dir); m_wallet_dir = command_line::get_arg(*m_vm, arg_wallet_dir);
@ -830,7 +832,7 @@ namespace tools
LOG_PRINT_L3("on_transfer starts"); LOG_PRINT_L3("on_transfer starts");
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -890,7 +892,7 @@ namespace tools
std::vector<uint8_t> extra; std::vector<uint8_t> extra;
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -933,7 +935,7 @@ namespace tools
bool wallet_rpc_server::on_sign_transfer(const wallet_rpc::COMMAND_RPC_SIGN_TRANSFER::request& req, wallet_rpc::COMMAND_RPC_SIGN_TRANSFER::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_sign_transfer(const wallet_rpc::COMMAND_RPC_SIGN_TRANSFER::request& req, wallet_rpc::COMMAND_RPC_SIGN_TRANSFER::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1008,7 +1010,7 @@ namespace tools
bool wallet_rpc_server::on_submit_transfer(const wallet_rpc::COMMAND_RPC_SUBMIT_TRANSFER::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_TRANSFER::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_submit_transfer(const wallet_rpc::COMMAND_RPC_SUBMIT_TRANSFER::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_TRANSFER::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1068,7 +1070,7 @@ namespace tools
bool wallet_rpc_server::on_sweep_dust(const wallet_rpc::COMMAND_RPC_SWEEP_DUST::request& req, wallet_rpc::COMMAND_RPC_SWEEP_DUST::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_sweep_dust(const wallet_rpc::COMMAND_RPC_SWEEP_DUST::request& req, wallet_rpc::COMMAND_RPC_SWEEP_DUST::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1096,7 +1098,7 @@ namespace tools
std::vector<uint8_t> extra; std::vector<uint8_t> extra;
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1144,7 +1146,7 @@ namespace tools
std::vector<uint8_t> extra; std::vector<uint8_t> extra;
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1360,7 +1362,7 @@ namespace tools
bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_store(const wallet_rpc::COMMAND_RPC_STORE::request& req, wallet_rpc::COMMAND_RPC_STORE::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1563,7 +1565,7 @@ namespace tools
bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_query_key(const wallet_rpc::COMMAND_RPC_QUERY_KEY::request& req, wallet_rpc::COMMAND_RPC_QUERY_KEY::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1598,7 +1600,7 @@ namespace tools
bool wallet_rpc_server::on_rescan_blockchain(const wallet_rpc::COMMAND_RPC_RESCAN_BLOCKCHAIN::request& req, wallet_rpc::COMMAND_RPC_RESCAN_BLOCKCHAIN::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_rescan_blockchain(const wallet_rpc::COMMAND_RPC_RESCAN_BLOCKCHAIN::request& req, wallet_rpc::COMMAND_RPC_RESCAN_BLOCKCHAIN::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1620,7 +1622,7 @@ namespace tools
bool wallet_rpc_server::on_sign(const wallet_rpc::COMMAND_RPC_SIGN::request& req, wallet_rpc::COMMAND_RPC_SIGN::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_sign(const wallet_rpc::COMMAND_RPC_SIGN::request& req, wallet_rpc::COMMAND_RPC_SIGN::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1634,7 +1636,7 @@ namespace tools
bool wallet_rpc_server::on_verify(const wallet_rpc::COMMAND_RPC_VERIFY::request& req, wallet_rpc::COMMAND_RPC_VERIFY::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_verify(const wallet_rpc::COMMAND_RPC_VERIFY::request& req, wallet_rpc::COMMAND_RPC_VERIFY::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1669,7 +1671,7 @@ namespace tools
bool wallet_rpc_server::on_stop_wallet(const wallet_rpc::COMMAND_RPC_STOP_WALLET::request& req, wallet_rpc::COMMAND_RPC_STOP_WALLET::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_stop_wallet(const wallet_rpc::COMMAND_RPC_STOP_WALLET::request& req, wallet_rpc::COMMAND_RPC_STOP_WALLET::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1692,7 +1694,7 @@ namespace tools
bool wallet_rpc_server::on_set_tx_notes(const wallet_rpc::COMMAND_RPC_SET_TX_NOTES::request& req, wallet_rpc::COMMAND_RPC_SET_TX_NOTES::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_set_tx_notes(const wallet_rpc::COMMAND_RPC_SET_TX_NOTES::request& req, wallet_rpc::COMMAND_RPC_SET_TX_NOTES::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1764,7 +1766,7 @@ namespace tools
bool wallet_rpc_server::on_set_attribute(const wallet_rpc::COMMAND_RPC_SET_ATTRIBUTE::request& req, wallet_rpc::COMMAND_RPC_SET_ATTRIBUTE::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_set_attribute(const wallet_rpc::COMMAND_RPC_SET_ATTRIBUTE::request& req, wallet_rpc::COMMAND_RPC_SET_ATTRIBUTE::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -1779,7 +1781,7 @@ namespace tools
bool wallet_rpc_server::on_get_attribute(const wallet_rpc::COMMAND_RPC_GET_ATTRIBUTE::request& req, wallet_rpc::COMMAND_RPC_GET_ATTRIBUTE::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_get_attribute(const wallet_rpc::COMMAND_RPC_GET_ATTRIBUTE::request& req, wallet_rpc::COMMAND_RPC_GET_ATTRIBUTE::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2055,7 +2057,7 @@ namespace tools
bool wallet_rpc_server::on_get_transfers(const wallet_rpc::COMMAND_RPC_GET_TRANSFERS::request& req, wallet_rpc::COMMAND_RPC_GET_TRANSFERS::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_get_transfers(const wallet_rpc::COMMAND_RPC_GET_TRANSFERS::request& req, wallet_rpc::COMMAND_RPC_GET_TRANSFERS::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2121,7 +2123,7 @@ namespace tools
bool wallet_rpc_server::on_get_transfer_by_txid(const wallet_rpc::COMMAND_RPC_GET_TRANSFER_BY_TXID::request& req, wallet_rpc::COMMAND_RPC_GET_TRANSFER_BY_TXID::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_get_transfer_by_txid(const wallet_rpc::COMMAND_RPC_GET_TRANSFER_BY_TXID::request& req, wallet_rpc::COMMAND_RPC_GET_TRANSFER_BY_TXID::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2205,7 +2207,7 @@ namespace tools
bool wallet_rpc_server::on_export_outputs(const wallet_rpc::COMMAND_RPC_EXPORT_OUTPUTS::request& req, wallet_rpc::COMMAND_RPC_EXPORT_OUTPUTS::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_export_outputs(const wallet_rpc::COMMAND_RPC_EXPORT_OUTPUTS::request& req, wallet_rpc::COMMAND_RPC_EXPORT_OUTPUTS::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2234,7 +2236,7 @@ namespace tools
bool wallet_rpc_server::on_import_outputs(const wallet_rpc::COMMAND_RPC_IMPORT_OUTPUTS::request& req, wallet_rpc::COMMAND_RPC_IMPORT_OUTPUTS::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_import_outputs(const wallet_rpc::COMMAND_RPC_IMPORT_OUTPUTS::request& req, wallet_rpc::COMMAND_RPC_IMPORT_OUTPUTS::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2294,7 +2296,7 @@ namespace tools
bool wallet_rpc_server::on_import_key_images(const wallet_rpc::COMMAND_RPC_IMPORT_KEY_IMAGES::request& req, wallet_rpc::COMMAND_RPC_IMPORT_KEY_IMAGES::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_import_key_images(const wallet_rpc::COMMAND_RPC_IMPORT_KEY_IMAGES::request& req, wallet_rpc::COMMAND_RPC_IMPORT_KEY_IMAGES::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2405,7 +2407,7 @@ namespace tools
bool wallet_rpc_server::on_add_address_book(const wallet_rpc::COMMAND_RPC_ADD_ADDRESS_BOOK_ENTRY::request& req, wallet_rpc::COMMAND_RPC_ADD_ADDRESS_BOOK_ENTRY::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_add_address_book(const wallet_rpc::COMMAND_RPC_ADD_ADDRESS_BOOK_ENTRY::request& req, wallet_rpc::COMMAND_RPC_ADD_ADDRESS_BOOK_ENTRY::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2480,7 +2482,7 @@ namespace tools
bool wallet_rpc_server::on_delete_address_book(const wallet_rpc::COMMAND_RPC_DELETE_ADDRESS_BOOK_ENTRY::request& req, wallet_rpc::COMMAND_RPC_DELETE_ADDRESS_BOOK_ENTRY::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_delete_address_book(const wallet_rpc::COMMAND_RPC_DELETE_ADDRESS_BOOK_ENTRY::request& req, wallet_rpc::COMMAND_RPC_DELETE_ADDRESS_BOOK_ENTRY::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2506,7 +2508,7 @@ namespace tools
bool wallet_rpc_server::on_rescan_spent(const wallet_rpc::COMMAND_RPC_RESCAN_SPENT::request& req, wallet_rpc::COMMAND_RPC_RESCAN_SPENT::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_rescan_spent(const wallet_rpc::COMMAND_RPC_RESCAN_SPENT::request& req, wallet_rpc::COMMAND_RPC_RESCAN_SPENT::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2813,7 +2815,7 @@ namespace tools
bool wallet_rpc_server::on_prepare_multisig(const wallet_rpc::COMMAND_RPC_PREPARE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_PREPARE_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_prepare_multisig(const wallet_rpc::COMMAND_RPC_PREPARE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_PREPARE_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2839,7 +2841,7 @@ namespace tools
bool wallet_rpc_server::on_make_multisig(const wallet_rpc::COMMAND_RPC_MAKE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_MAKE_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_make_multisig(const wallet_rpc::COMMAND_RPC_MAKE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_MAKE_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2876,7 +2878,7 @@ namespace tools
bool wallet_rpc_server::on_export_multisig(const wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_export_multisig(const wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_EXPORT_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2916,7 +2918,7 @@ namespace tools
bool wallet_rpc_server::on_import_multisig(const wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_import_multisig(const wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_IMPORT_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -2989,7 +2991,7 @@ namespace tools
bool wallet_rpc_server::on_finalize_multisig(const wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_finalize_multisig(const wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_FINALIZE_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -3040,7 +3042,7 @@ namespace tools
bool wallet_rpc_server::on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_sign_multisig(const wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SIGN_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -3109,7 +3111,7 @@ namespace tools
bool wallet_rpc_server::on_submit_multisig(const wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::response& res, epee::json_rpc::error& er) bool wallet_rpc_server::on_submit_multisig(const wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::request& req, wallet_rpc::COMMAND_RPC_SUBMIT_MULTISIG::response& res, epee::json_rpc::error& er)
{ {
if (!m_wallet) return not_open(er); if (!m_wallet) return not_open(er);
if (m_wallet->restricted()) if (m_restricted)
{ {
er.code = WALLET_RPC_ERROR_CODE_DENIED; er.code = WALLET_RPC_ERROR_CODE_DENIED;
er.message = "Command unavailable in restricted mode."; er.message = "Command unavailable in restricted mode.";
@ -3191,6 +3193,7 @@ int main(int argc, char** argv) {
command_line::add_arg(desc_params, arg_rpc_bind_port); command_line::add_arg(desc_params, arg_rpc_bind_port);
command_line::add_arg(desc_params, arg_disable_rpc_login); command_line::add_arg(desc_params, arg_disable_rpc_login);
command_line::add_arg(desc_params, arg_trusted_daemon); command_line::add_arg(desc_params, arg_trusted_daemon);
command_line::add_arg(desc_params, arg_restricted);
cryptonote::rpc_args::init_options(desc_params); cryptonote::rpc_args::init_options(desc_params);
command_line::add_arg(desc_params, arg_wallet_file); command_line::add_arg(desc_params, arg_wallet_file);
command_line::add_arg(desc_params, arg_from_json); command_line::add_arg(desc_params, arg_from_json);

View File

@ -237,6 +237,7 @@ namespace tools
tools::private_file rpc_login_file; tools::private_file rpc_login_file;
std::atomic<bool> m_stop; std::atomic<bool> m_stop;
bool m_trusted_daemon; bool m_trusted_daemon;
bool m_restricted;
const boost::program_options::variables_map *m_vm; const boost::program_options::variables_map *m_vm;
}; };
} }

View File

@ -671,8 +671,7 @@ TEST(Serialization, serializes_ringct_types)
TEST(Serialization, portability_wallet) TEST(Serialization, portability_wallet)
{ {
const cryptonote::network_type nettype = cryptonote::TESTNET; const cryptonote::network_type nettype = cryptonote::TESTNET;
const bool restricted = false; tools::wallet2 w(nettype);
tools::wallet2 w(nettype, restricted);
const boost::filesystem::path wallet_file = unit_test::data_dir / "wallet_9svHk1"; const boost::filesystem::path wallet_file = unit_test::data_dir / "wallet_9svHk1";
string password = "test"; string password = "test";
bool r = false; bool r = false;