Move iAdminGet to Config::getAdminRole

2025-12-06 17:27:55 +00:00 · 2013-08-31 20:46:27 -07:00
parent e22c1c3495
commit bbfbdabe76
8 changed files with 89 additions and 146 deletions
--- a/modules/ripple_core/functional/ripple_Config.cpp
+++ b/modules/ripple_core/functional/ripple_Config.cpp
@@ -579,3 +579,43 @@ void Config::setRpcIpAndOptionalPort (std::string const& newAddress)
    }
 }

+//------------------------------------------------------------------------------
+
+Config::Role Config::getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const
+{
+    Config::Role role;
+    bool    bPasswordSupplied   = params.isMember ("admin_user") || params.isMember ("admin_password");
+    bool    bPasswordRequired   = !this->RPC_ADMIN_USER.empty () || !this->RPC_ADMIN_PASSWORD.empty ();
+
+    bool    bPasswordWrong      = bPasswordSupplied
+                                  ? bPasswordRequired
+                                  // Supplied, required, and incorrect.
+                                  ? this->RPC_ADMIN_USER != (params.isMember ("admin_user") ? params["admin_user"].asString () : "")
+                                  || this->RPC_ADMIN_PASSWORD != (params.isMember ("admin_user") ? params["admin_password"].asString () : "")
+                                  // Supplied and not required.
+                                      : true
+                                      : false;
+    // Meets IP restriction for admin.
+    bool    bAdminIP            = false;
+
+    BOOST_FOREACH (const std::string & strAllowIp, this->RPC_ADMIN_ALLOW)
+    {
+        if (strAllowIp == strRemoteIp)
+            bAdminIP    = true;
+    }
+
+    if (bPasswordWrong                          // Wrong
+            || (bPasswordSupplied && !bAdminIP))    // Supplied and doesn't meet IP filter.
+    {
+        role   = Config::FORBID;
+    }
+    // If supplied, password is correct.
+    else
+    {
+        // Allow admin, if from admin IP and no password is required or it was supplied and correct.
+        role = bAdminIP && (!bPasswordRequired || bPasswordSupplied) ? Config::ADMIN : Config::GUEST;
+    }
+
+    return role;
+}
+
--- a/modules/ripple_core/functional/ripple_Config.h
+++ b/modules/ripple_core/functional/ripple_Config.h
@@ -216,41 +216,31 @@ public:
    //
 public:
    /** Get the client or server RPC IP address.
-
        @note The string may not always be in a valid parsable state.
-
        @return A string representing the address.
    */
    std::string getRpcIP () const { return m_rpcIP; }

    /** Get the client or server RPC port number.
-
        @note The port number may be invalid (out of range or zero)
-
        @return The RPC port number.
    */
    int getRpcPort () const { return m_rpcPort; }

    /** Set the client or server RPC IP and optional port.
-
        @note The string is not syntax checked.
-
        @param newAddress A string in the format <ip-address>[':'<port-number>]
    */
    void setRpcIpAndOptionalPort (std::string const& newAddress);

    /** Set the client or server RPC IP.
-
        @note The string is not syntax-checked.
-
        @param newIP A string representing the IP address to use.
    */
    void setRpcIP (std::string const& newIP) { m_rpcIP = newIP; }

    /** Set the client or server RPC port number.
-
        @note The port number is not range checked.
-
        @param newPort The RPC port number to use.
    */
    void setRpcPort (int newPort) { m_rpcPort = newPort; }
@@ -266,6 +256,17 @@ public:
        return s;
    }

+    /** Determine the level of administrative permission to grant.
+    */
+    enum Role
+    {
+        GUEST,
+        USER,
+        ADMIN,
+        FORBID
+    };
+    Role getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const;
+
 private:
    std::string                 m_rpcIP;
    // VFALCO TODO This should be a short.