diff --git a/modules/ripple_app/basics/ripple_RPCServerHandler.cpp b/modules/ripple_app/basics/ripple_RPCServerHandler.cpp index faa90eb227..f5c3ed744a 100644 --- a/modules/ripple_app/basics/ripple_RPCServerHandler.cpp +++ b/modules/ripple_app/basics/ripple_RPCServerHandler.cpp @@ -36,7 +36,7 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s } } - int role = iAdminGet (jvRequest, remoteAddress); + Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteAddress)); // Parse id now so errors from here on will have the id // @@ -71,7 +71,7 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s // VFALCO TODO Shouldn't we handle this earlier? // - if (role == RPCHandler::FORBID) + if (role == Config::FORBID) { // VFALCO TODO Needs implementing // FIXME Needs implementing diff --git a/modules/ripple_app/main/ripple_RippleMain.cpp b/modules/ripple_app/main/ripple_RippleMain.cpp index dc781170a0..5ad3fee543 100644 --- a/modules/ripple_app/main/ripple_RippleMain.cpp +++ b/modules/ripple_app/main/ripple_RippleMain.cpp @@ -41,7 +41,7 @@ void startServer () // VFALCO TODO Clean up this magic number LoadType loadType = LT_RPCReference; - Json::Value jvResult = rhHandler.doCommand (jvCommand, RPCHandler::ADMIN, &loadType); + Json::Value jvResult = rhHandler.doCommand (jvCommand, Config::ADMIN, &loadType); if (!getConfig ().QUIET) Log::out() << "Result: " << jvResult; diff --git a/modules/ripple_app/rpc/RPCHandler.cpp b/modules/ripple_app/rpc/RPCHandler.cpp index b160031425..64f841e186 100644 --- a/modules/ripple_app/rpc/RPCHandler.cpp +++ b/modules/ripple_app/rpc/RPCHandler.cpp @@ -10,57 +10,22 @@ SETUP_LOG (RPCHandler) -int iAdminGet (const Json::Value& params, const std::string& strRemoteIp) +RPCHandler::RPCHandler (NetworkOPs* netOps) + : mNetOps (netOps) + , mRole (Config::FORBID) { - int iRole; - bool bPasswordSupplied = params.isMember ("admin_user") || params.isMember ("admin_password"); - bool bPasswordRequired = !getConfig ().RPC_ADMIN_USER.empty () || !getConfig ().RPC_ADMIN_PASSWORD.empty (); - - bool bPasswordWrong = bPasswordSupplied - ? bPasswordRequired - // Supplied, required, and incorrect. - ? getConfig ().RPC_ADMIN_USER != (params.isMember ("admin_user") ? params["admin_user"].asString () : "") - || getConfig ().RPC_ADMIN_PASSWORD != (params.isMember ("admin_user") ? params["admin_password"].asString () : "") - // Supplied and not required. - : true - : false; - // Meets IP restriction for admin. - bool bAdminIP = false; - - BOOST_FOREACH (const std::string & strAllowIp, getConfig ().RPC_ADMIN_ALLOW) - { - if (strAllowIp == strRemoteIp) - bAdminIP = true; - } - - if (bPasswordWrong // Wrong - || (bPasswordSupplied && !bAdminIP)) // Supplied and doesn't meet IP filter. - { - iRole = RPCHandler::FORBID; - } - // If supplied, password is correct. - else - { - // Allow admin, if from admin IP and no password is required or it was supplied and correct. - iRole = bAdminIP && (!bPasswordRequired || bPasswordSupplied) ? RPCHandler::ADMIN : RPCHandler::GUEST; - } - - return iRole; } -RPCHandler::RPCHandler (NetworkOPs* netOps) : mNetOps (netOps), mRole (FORBID) +RPCHandler::RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub) + : mNetOps (netOps) + , mInfoSub (infoSub) + , mRole (Config::FORBID) { - ; -} - -RPCHandler::RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub) : mNetOps (netOps), mInfoSub (infoSub), mRole (FORBID) -{ - ; } Json::Value RPCHandler::transactionSign (Json::Value params, bool bSubmit, bool bFailHard, Application::ScopedLockType& mlh) { - if (getApp().getFeeTrack().isLoadedCluster() && (mRole != ADMIN)) + if (getApp().getFeeTrack().isLoadedCluster() && (mRole != Config::ADMIN)) return rpcError(rpcTOO_BUSY); Json::Value jvResult; @@ -353,7 +318,7 @@ Json::Value RPCHandler::transactionSign (Json::Value params, bool bSubmit, bool try { // FIXME: For performance, should use asynch interface - tpTrans = mNetOps->submitTransactionSync (tpTrans, mRole == ADMIN, bFailHard, bSubmit); + tpTrans = mNetOps->submitTransactionSync (tpTrans, mRole == Config::ADMIN, bFailHard, bSubmit); if (!tpTrans) { @@ -1707,7 +1672,7 @@ Json::Value RPCHandler::doSubmit (Json::Value params, LoadType* loadType, Applic try { - (void) mNetOps->processTransaction (tpTrans, mRole == ADMIN, + (void) mNetOps->processTransaction (tpTrans, mRole == Config::ADMIN, params.isMember ("fail_hard") && params["fail_hard"].asBool ()); } catch (std::exception& e) @@ -1778,7 +1743,7 @@ Json::Value RPCHandler::doServerInfo (Json::Value, LoadType* loadType, Applicati { Json::Value ret (Json::objectValue); - ret["info"] = mNetOps->getServerInfo (true, mRole == ADMIN); + ret["info"] = mNetOps->getServerInfo (true, mRole == Config::ADMIN); return ret; } @@ -1787,7 +1752,7 @@ Json::Value RPCHandler::doServerState (Json::Value, LoadType* loadType, Applicat { Json::Value ret (Json::objectValue); - ret["state"] = mNetOps->getServerInfo (false, mRole == ADMIN); + ret["state"] = mNetOps->getServerInfo (false, mRole == Config::ADMIN); return ret; } @@ -1804,7 +1769,7 @@ Json::Value RPCHandler::doTxHistory (Json::Value params, LoadType* loadType, App unsigned int startIndex = params["start"].asUInt (); - if ((startIndex > 10000) && (mRole != ADMIN)) + if ((startIndex > 10000) && (mRole != Config::ADMIN)) return rpcError (rpcNO_PERMISSION); Json::Value obj; @@ -1962,7 +1927,7 @@ Json::Value RPCHandler::doLedger (Json::Value params, LoadType* loadType, Applic | (bTransactions ? LEDGER_JSON_DUMP_TXRP : 0) | (bAccounts ? LEDGER_JSON_DUMP_STATE : 0); - if ((bFull || bAccounts) && getApp().getFeeTrack().isLoadedLocal() && (mRole != ADMIN)) + if ((bFull || bAccounts) && getApp().getFeeTrack().isLoadedLocal() && (mRole != Config::ADMIN)) { WriteLog (lsDEBUG, Peer) << "Too busy to give full ledger"; return rpcError(rpcTOO_BUSY); @@ -2064,7 +2029,7 @@ Json::Value RPCHandler::doAccountTransactions (Json::Value params, LoadType* loa if (bBinary) { std::vector txns = - mNetOps->getAccountTxsB (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == ADMIN); + mNetOps->getAccountTxsB (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == Config::ADMIN); for (std::vector::const_iterator it = txns.begin (), end = txns.end (); it != end; ++it) @@ -2081,7 +2046,7 @@ Json::Value RPCHandler::doAccountTransactions (Json::Value params, LoadType* loa } else { - std::vector< std::pair > txns = mNetOps->getAccountTxs (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == ADMIN); + std::vector< std::pair > txns = mNetOps->getAccountTxs (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == Config::ADMIN); for (std::vector< std::pair >::iterator it = txns.begin (), end = txns.end (); it != end; ++it) { @@ -2214,7 +2179,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App if (bBinary) { std::vector txns = - mNetOps->getTxsAccountB (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == ADMIN); + mNetOps->getTxsAccountB (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == Config::ADMIN); for (std::vector::const_iterator it = txns.begin (), end = txns.end (); it != end; ++it) @@ -2232,7 +2197,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App else { std::vector< std::pair > txns = - mNetOps->getTxsAccount (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == ADMIN); + mNetOps->getTxsAccount (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == Config::ADMIN); for (std::vector< std::pair >::iterator it = txns.begin (), end = txns.end (); it != end; ++it) { @@ -2275,7 +2240,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App // secret: // optional // } // -// This command requires admin access because it makes no sense to ask an untrusted server for this. +// This command requires Config::ADMIN access because it makes no sense to ask an untrusted server for this. Json::Value RPCHandler::doValidationCreate (Json::Value params, LoadType* loadType, Application::ScopedLockType& masterLockHolder) { RippleAddress raSeed; @@ -2488,9 +2453,9 @@ Json::Value RPCHandler::doWalletSeed (Json::Value params, LoadType* loadType, Ap } #if ENABLE_INSECURE -// TODO: for now this simply checks if this is the admin account +// TODO: for now this simply checks if this is the Config::ADMIN account // TODO: need to prevent them hammering this over and over -// TODO: maybe a better way is only allow admin from local host +// TODO: maybe a better way is only allow Config::ADMIN from local host // { // username: , // password: @@ -3247,7 +3212,7 @@ Json::Value RPCHandler::doSubscribe (Json::Value params, LoadType* loadType, App if (params.isMember ("url")) { - if (mRole != ADMIN) + if (mRole != Config::ADMIN) return rpcError (rpcNO_PERMISSION); std::string strUrl = params["url"].asString (); @@ -3534,7 +3499,7 @@ Json::Value RPCHandler::doUnsubscribe (Json::Value params, LoadType* loadType, A if (params.isMember ("url")) { - if (mRole != ADMIN) + if (mRole != Config::ADMIN) return rpcError (rpcNO_PERMISSION); std::string strUrl = params["url"].asString (); @@ -3754,7 +3719,7 @@ Json::Value RPCHandler::doInternal (Json::Value params, LoadType* loadType, Appl Json::Value RPCHandler::doCommand (const Json::Value& params, int iRole, LoadType* loadType) { - if (iRole != ADMIN) + if (iRole != Config::ADMIN) { int jc = getApp().getJobQueue ().getJobCountGE (jtCLIENT); @@ -3862,7 +3827,7 @@ Json::Value RPCHandler::doCommand (const Json::Value& params, int iRole, LoadTyp { return rpcError (rpcUNKNOWN_COMMAND); } - else if (commandsA[i].bAdminRequired && mRole != ADMIN) + else if (commandsA[i].bAdminRequired && mRole != Config::ADMIN) { return rpcError (rpcNO_PERMISSION); } diff --git a/modules/ripple_app/rpc/RPCHandler.h b/modules/ripple_app/rpc/RPCHandler.h index 6522f989be..8e78723a18 100644 --- a/modules/ripple_app/rpc/RPCHandler.h +++ b/modules/ripple_app/rpc/RPCHandler.h @@ -20,14 +20,6 @@ class InfoSub; class RPCHandler { public: - enum - { - GUEST, - USER, - ADMIN, - FORBID - }; - explicit RPCHandler (NetworkOPs* netOps); RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub); @@ -185,8 +177,4 @@ private: handler_t mHandler; }; -// VFALCO TODO tidy up this loose function -int iAdminGet (const Json::Value& jvRequest, const std::string& strRemoteIp); - #endif -// vim:ts=4 diff --git a/modules/ripple_app/websocket/WSConnection.h b/modules/ripple_app/websocket/WSConnection.h index 2938f0700c..3d6e7d1d4c 100644 --- a/modules/ripple_app/websocket/WSConnection.h +++ b/modules/ripple_app/websocket/WSConnection.h @@ -134,17 +134,17 @@ public: RPCHandler mRPCHandler (&mNetwork, boost::dynamic_pointer_cast (this->shared_from_this ())); Json::Value jvResult (Json::objectValue); - int iRole = mHandler->getPublic () - ? RPCHandler::GUEST // Don't check on the public interface. - : iAdminGet (jvRequest, mRemoteIP); + Config::Role const role = mHandler->getPublic () + ? Config::GUEST // Don't check on the public interface. + : getConfig ().getAdminRole (jvRequest, mRemoteIP); - if (RPCHandler::FORBID == iRole) + if (Config::FORBID == role) { jvResult["result"] = rpcError (rpcFORBIDDEN); } else { - jvResult["result"] = mRPCHandler.doCommand (jvRequest, iRole, &loadType); + jvResult["result"] = mRPCHandler.doCommand (jvRequest, role, &loadType); } // Debit/credit the load and see if we should include a warning. diff --git a/modules/ripple_client/ripple_client.cpp b/modules/ripple_client/ripple_client.cpp index e626a4d7a2..9d1980036e 100644 --- a/modules/ripple_client/ripple_client.cpp +++ b/modules/ripple_client/ripple_client.cpp @@ -4,61 +4,10 @@ */ //============================================================================== -/** Add this to get the @ref ripple_client module. +#include "BeastConfig.h" - @file ripple_client.cpp - @ingroup ripple_client -*/ +#include "../ripple_client/ripple_client.h" -/* -#include - -#include -#include -#include - -#include "ripple_client.h" - -#include "../ripple_basics/ripple_basics.h" - -#include "../ripple_data/ripple_data.h" - -*/ - -/* -#include "src/cpp/ripple/ripple_InfoSub.h" - -// Order and indentation reflect the hierarchy of dependencies -// VFALCO NOTE Don't add anything here!!! -#include "src/cpp/ripple/ripple_HashedObject.h" -#include "src/cpp/ripple/ripple_SHAMapItem.h" -#include "src/cpp/ripple/ripple_SHAMapNode.h" -#include "src/cpp/ripple/ripple_SHAMapAddNode.h" -#include "src/cpp/ripple/ripple_SHAMapMissingNode.h" -#include "src/cpp/ripple/ripple_SHAMapTreeNode.h" -#include "src/cpp/ripple/ripple_SHAMapSyncFilter.h" -#include "src/cpp/ripple/ripple_SHAMap.h" -#include "src/cpp/ripple/ripple_SerializedTransaction.h" -#include "src/cpp/ripple/ripple_SerializedLedger.h" -#include "src/cpp/ripple/TransactionMeta.h" -#include "src/cpp/ripple/Transaction.h" -#include "src/cpp/ripple/ripple_AccountState.h" -#include "src/cpp/ripple/ripple_NicknameState.h" -#include "src/cpp/ripple/Ledger.h" -#include "src/cpp/ripple/ripple_LedgerEntrySet.h" -#include "src/cpp/ripple/TransactionEngine.h" -#include "src/cpp/ripple/ripple_ILoadManager.h" -#include "src/cpp/ripple/ripple_Peer.h" -#include "src/cpp/ripple/ripple_PeerSet.h" -#include "src/cpp/ripple/ripple_InboundLedger.h" -#include "src/cpp/ripple/ripple_LedgerHistory.h" -#include "src/cpp/ripple/ripple_CanonicalTXSet.h" -#include "src/cpp/ripple/LedgerMaster.h" -#include "src/cpp/ripple/ripple_InfoSub.h" -#include "src/cpp/ripple/SerializedValidation.h" -#include "src/cpp/ripple/LedgerProposal.h" -#include "src/cpp/ripple/ripple_AcceptedLedgerTx.h" -#include "src/cpp/ripple/NetworkOPs.h" -#include "src/cpp/ripple/ripple_IApplication.h" -//#include "src/cpp/ripple/NetworkOPs.cpp" -*/ +namespace ripple +{ +} diff --git a/modules/ripple_core/functional/ripple_Config.cpp b/modules/ripple_core/functional/ripple_Config.cpp index fc06448ff4..9797aa37df 100644 --- a/modules/ripple_core/functional/ripple_Config.cpp +++ b/modules/ripple_core/functional/ripple_Config.cpp @@ -579,3 +579,43 @@ void Config::setRpcIpAndOptionalPort (std::string const& newAddress) } } +//------------------------------------------------------------------------------ + +Config::Role Config::getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const +{ + Config::Role role; + bool bPasswordSupplied = params.isMember ("admin_user") || params.isMember ("admin_password"); + bool bPasswordRequired = !this->RPC_ADMIN_USER.empty () || !this->RPC_ADMIN_PASSWORD.empty (); + + bool bPasswordWrong = bPasswordSupplied + ? bPasswordRequired + // Supplied, required, and incorrect. + ? this->RPC_ADMIN_USER != (params.isMember ("admin_user") ? params["admin_user"].asString () : "") + || this->RPC_ADMIN_PASSWORD != (params.isMember ("admin_user") ? params["admin_password"].asString () : "") + // Supplied and not required. + : true + : false; + // Meets IP restriction for admin. + bool bAdminIP = false; + + BOOST_FOREACH (const std::string & strAllowIp, this->RPC_ADMIN_ALLOW) + { + if (strAllowIp == strRemoteIp) + bAdminIP = true; + } + + if (bPasswordWrong // Wrong + || (bPasswordSupplied && !bAdminIP)) // Supplied and doesn't meet IP filter. + { + role = Config::FORBID; + } + // If supplied, password is correct. + else + { + // Allow admin, if from admin IP and no password is required or it was supplied and correct. + role = bAdminIP && (!bPasswordRequired || bPasswordSupplied) ? Config::ADMIN : Config::GUEST; + } + + return role; +} + diff --git a/modules/ripple_core/functional/ripple_Config.h b/modules/ripple_core/functional/ripple_Config.h index 14653e56fd..b683e6d9ee 100644 --- a/modules/ripple_core/functional/ripple_Config.h +++ b/modules/ripple_core/functional/ripple_Config.h @@ -216,41 +216,31 @@ public: // public: /** Get the client or server RPC IP address. - @note The string may not always be in a valid parsable state. - @return A string representing the address. */ std::string getRpcIP () const { return m_rpcIP; } /** Get the client or server RPC port number. - @note The port number may be invalid (out of range or zero) - @return The RPC port number. */ int getRpcPort () const { return m_rpcPort; } /** Set the client or server RPC IP and optional port. - @note The string is not syntax checked. - @param newAddress A string in the format [':'] */ void setRpcIpAndOptionalPort (std::string const& newAddress); /** Set the client or server RPC IP. - @note The string is not syntax-checked. - @param newIP A string representing the IP address to use. */ void setRpcIP (std::string const& newIP) { m_rpcIP = newIP; } /** Set the client or server RPC port number. - @note The port number is not range checked. - @param newPort The RPC port number to use. */ void setRpcPort (int newPort) { m_rpcPort = newPort; } @@ -266,6 +256,17 @@ public: return s; } + /** Determine the level of administrative permission to grant. + */ + enum Role + { + GUEST, + USER, + ADMIN, + FORBID + }; + Role getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const; + private: std::string m_rpcIP; // VFALCO TODO This should be a short.