From 8b8334af8646269478f4d0b2fe2466c86612cd5e Mon Sep 17 00:00:00 2001 From: Vinnie Falco Date: Fri, 2 Oct 2015 19:32:29 -0700 Subject: [PATCH] Set admin privileges on websocket: When the websocket connection is established, any configured administrative privileges are applied to resource limits. --- src/ripple/resource/impl/Logic.h | 14 -------------- src/ripple/server/Role.h | 6 ++++++ src/ripple/server/impl/Role.cpp | 11 +++++++++++ src/ripple/websocket/Connection.h | 5 +++-- 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/ripple/resource/impl/Logic.h b/src/ripple/resource/impl/Logic.h index 9564219382..8a493db213 100644 --- a/src/ripple/resource/impl/Logic.h +++ b/src/ripple/resource/impl/Logic.h @@ -112,9 +112,6 @@ public: Consumer newInboundEndpoint (beast::IP::Endpoint const& address) { - if (isWhitelisted (address)) - return newAdminEndpoint (to_string (address)); - Entry* entry (nullptr); { @@ -146,9 +143,6 @@ public: Consumer newOutboundEndpoint (beast::IP::Endpoint const& address) { - if (isWhitelisted (address)) - return newAdminEndpoint (to_string (address)); - Entry* entry (nullptr); { @@ -370,14 +364,6 @@ public: //-------------------------------------------------------------------------- - bool isWhitelisted (beast::IP::Endpoint const& address) - { - if (! is_public (address)) - return true; - - return false; - } - // Called periodically to expire entries and groom the table. // void periodicActivity () diff --git a/src/ripple/server/Role.h b/src/ripple/server/Role.h index e8a13fb985..6956d81e8a 100644 --- a/src/ripple/server/Role.h +++ b/src/ripple/server/Role.h @@ -22,6 +22,7 @@ #include #include +#include #include #include @@ -47,6 +48,11 @@ Role requestRole (Role const& required, HTTP::Port const& port, Json::Value const& jsonRPC, beast::IP::Endpoint const& remoteIp); +Resource::Consumer +requestInboundEndpoint (Resource::Manager& manager, + beast::IP::Endpoint const& remoteAddress, + HTTP::Port const& port); + } // ripple #endif diff --git a/src/ripple/server/impl/Role.cpp b/src/ripple/server/impl/Role.cpp index 9b4139feae..0e6e642ed8 100644 --- a/src/ripple/server/impl/Role.cpp +++ b/src/ripple/server/impl/Role.cpp @@ -66,4 +66,15 @@ requestRole (Role const& required, HTTP::Port const& port, return role; } +Resource::Consumer +requestInboundEndpoint (Resource::Manager& manager, + beast::IP::Endpoint const& remoteAddress, + HTTP::Port const& port) +{ + if (requestRole (Role::GUEST, port, Json::Value(), remoteAddress) == + Role::ADMIN) + return manager.newAdminEndpoint (to_string (remoteAddress)); + return manager.newInboundEndpoint(remoteAddress); +} + } diff --git a/src/ripple/websocket/Connection.h b/src/ripple/websocket/Connection.h index d46cc8f2d2..a456a57038 100644 --- a/src/ripple/websocket/Connection.h +++ b/src/ripple/websocket/Connection.h @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -133,8 +134,8 @@ ConnectionImpl ::ConnectionImpl ( connection_ptr const& cpConnection, beast::IP::Endpoint const& remoteAddress, boost::asio::io_service& io_service) - : InfoSub (source, // usage - resourceManager.newInboundEndpoint (remoteAddress)) + : InfoSub (source, requestInboundEndpoint ( + resourceManager, remoteAddress, handler.port())) , app_(app) , m_port (handler.port ()) , m_resourceManager (resourceManager)