ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move iAdminGet to Config::getAdminRole

Browse Source
This commit is contained in:
Vinnie Falco
2013-08-31 20:46:27 -07:00
parent e22c1c3495
commit bbfbdabe76
8 changed files with 89 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/ripple_app/basics/ripple_RPCServerHandler.cpp
View File

@@ -36,7 +36,7 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s
}
}
int role = iAdminGet (jvRequest, remoteAddress);
Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteAddress));
// Parse id now so errors from here on will have the id
//
@@ -71,7 +71,7 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s
// VFALCO TODO Shouldn't we handle this earlier?
//
if (role == RPCHandler::FORBID)
if (role == Config::FORBID)
{
// VFALCO TODO Needs implementing
// FIXME Needs implementing

2
modules/ripple_app/main/ripple_RippleMain.cpp
View File

@@ -41,7 +41,7 @@ void startServer ()
// VFALCO TODO Clean up this magic number
LoadType loadType = LT_RPCReference;
Json::Value jvResult = rhHandler.doCommand (jvCommand, RPCHandler::ADMIN, &loadType);
Json::Value jvResult = rhHandler.doCommand (jvCommand, Config::ADMIN, &loadType);
if (!getConfig ().QUIET)
Log::out() << "Result: " << jvResult;

85
modules/ripple_app/rpc/RPCHandler.cpp
View File

@@ -10,57 +10,22 @@
SETUP_LOG (RPCHandler)
int iAdminGet (const Json::Value& params, const std::string& strRemoteIp)
RPCHandler::RPCHandler (NetworkOPs* netOps)
: mNetOps (netOps)
, mRole (Config::FORBID)
{
int iRole;
bool bPasswordSupplied = params.isMember ("admin_user") || params.isMember ("admin_password");
bool bPasswordRequired = !getConfig ().RPC_ADMIN_USER.empty () || !getConfig ().RPC_ADMIN_PASSWORD.empty ();
bool bPasswordWrong = bPasswordSupplied
? bPasswordRequired
// Supplied, required, and incorrect.
? getConfig ().RPC_ADMIN_USER != (params.isMember ("admin_user") ? params["admin_user"].asString () : "")
|| getConfig ().RPC_ADMIN_PASSWORD != (params.isMember ("admin_user") ? params["admin_password"].asString () : "")
// Supplied and not required.
: true
: false;
// Meets IP restriction for admin.
bool bAdminIP = false;
BOOST_FOREACH (const std::string & strAllowIp, getConfig ().RPC_ADMIN_ALLOW)
{
if (strAllowIp == strRemoteIp)
bAdminIP = true;
}
if (bPasswordWrong // Wrong
|| (bPasswordSupplied && !bAdminIP)) // Supplied and doesn't meet IP filter.
{
iRole = RPCHandler::FORBID;
}
// If supplied, password is correct.
else
{
// Allow admin, if from admin IP and no password is required or it was supplied and correct.
iRole = bAdminIP && (!bPasswordRequired || bPasswordSupplied) ? RPCHandler::ADMIN : RPCHandler::GUEST;
}
return iRole;
}
RPCHandler::RPCHandler (NetworkOPs* netOps) : mNetOps (netOps), mRole (FORBID)
RPCHandler::RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub)
: mNetOps (netOps)
, mInfoSub (infoSub)
, mRole (Config::FORBID)
{
;
}
RPCHandler::RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub) : mNetOps (netOps), mInfoSub (infoSub), mRole (FORBID)
{
;
}
Json::Value RPCHandler::transactionSign (Json::Value params, bool bSubmit, bool bFailHard, Application::ScopedLockType& mlh)
{
if (getApp().getFeeTrack().isLoadedCluster() && (mRole != ADMIN))
if (getApp().getFeeTrack().isLoadedCluster() && (mRole != Config::ADMIN))
return rpcError(rpcTOO_BUSY);
Json::Value jvResult;
@@ -353,7 +318,7 @@ Json::Value RPCHandler::transactionSign (Json::Value params, bool bSubmit, bool
try
{
// FIXME: For performance, should use asynch interface
tpTrans = mNetOps->submitTransactionSync (tpTrans, mRole == ADMIN, bFailHard, bSubmit);
tpTrans = mNetOps->submitTransactionSync (tpTrans, mRole == Config::ADMIN, bFailHard, bSubmit);
if (!tpTrans)
{
@@ -1707,7 +1672,7 @@ Json::Value RPCHandler::doSubmit (Json::Value params, LoadType* loadType, Applic
try
{
(void) mNetOps->processTransaction (tpTrans, mRole == ADMIN,
(void) mNetOps->processTransaction (tpTrans, mRole == Config::ADMIN,
params.isMember ("fail_hard") && params["fail_hard"].asBool ());
}
catch (std::exception& e)
@@ -1778,7 +1743,7 @@ Json::Value RPCHandler::doServerInfo (Json::Value, LoadType* loadType, Applicati
{
Json::Value ret (Json::objectValue);
ret["info"] = mNetOps->getServerInfo (true, mRole == ADMIN);
ret["info"] = mNetOps->getServerInfo (true, mRole == Config::ADMIN);
return ret;
}
@@ -1787,7 +1752,7 @@ Json::Value RPCHandler::doServerState (Json::Value, LoadType* loadType, Applicat
{
Json::Value ret (Json::objectValue);
ret["state"] = mNetOps->getServerInfo (false, mRole == ADMIN);
ret["state"] = mNetOps->getServerInfo (false, mRole == Config::ADMIN);
return ret;
}
@@ -1804,7 +1769,7 @@ Json::Value RPCHandler::doTxHistory (Json::Value params, LoadType* loadType, App
unsigned int startIndex = params["start"].asUInt ();
if ((startIndex > 10000) && (mRole != ADMIN))
if ((startIndex > 10000) && (mRole != Config::ADMIN))
return rpcError (rpcNO_PERMISSION);
Json::Value obj;
@@ -1962,7 +1927,7 @@ Json::Value RPCHandler::doLedger (Json::Value params, LoadType* loadType, Applic
| (bTransactions ? LEDGER_JSON_DUMP_TXRP : 0)
| (bAccounts ? LEDGER_JSON_DUMP_STATE : 0);
if ((bFull || bAccounts) && getApp().getFeeTrack().isLoadedLocal() && (mRole != ADMIN))
if ((bFull || bAccounts) && getApp().getFeeTrack().isLoadedLocal() && (mRole != Config::ADMIN))
{
WriteLog (lsDEBUG, Peer) << "Too busy to give full ledger";
return rpcError(rpcTOO_BUSY);
@@ -2064,7 +2029,7 @@ Json::Value RPCHandler::doAccountTransactions (Json::Value params, LoadType* loa
if (bBinary)
{
std::vector<NetworkOPs::txnMetaLedgerType> txns =
mNetOps->getAccountTxsB (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == ADMIN);
mNetOps->getAccountTxsB (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == Config::ADMIN);
for (std::vector<NetworkOPs::txnMetaLedgerType>::const_iterator it = txns.begin (), end = txns.end ();
it != end; ++it)
@@ -2081,7 +2046,7 @@ Json::Value RPCHandler::doAccountTransactions (Json::Value params, LoadType* loa
}
else
{
std::vector< std::pair<Transaction::pointer, TransactionMetaSet::pointer> > txns = mNetOps->getAccountTxs (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == ADMIN);
std::vector< std::pair<Transaction::pointer, TransactionMetaSet::pointer> > txns = mNetOps->getAccountTxs (raAccount, uLedgerMin, uLedgerMax, bDescending, offset, limit, mRole == Config::ADMIN);
for (std::vector< std::pair<Transaction::pointer, TransactionMetaSet::pointer> >::iterator it = txns.begin (), end = txns.end (); it != end; ++it)
{
@@ -2214,7 +2179,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App
if (bBinary)
{
std::vector<NetworkOPs::txnMetaLedgerType> txns =
mNetOps->getTxsAccountB (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == ADMIN);
mNetOps->getTxsAccountB (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == Config::ADMIN);
for (std::vector<NetworkOPs::txnMetaLedgerType>::const_iterator it = txns.begin (), end = txns.end ();
it != end; ++it)
@@ -2232,7 +2197,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App
else
{
std::vector< std::pair<Transaction::pointer, TransactionMetaSet::pointer> > txns =
mNetOps->getTxsAccount (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == ADMIN);
mNetOps->getTxsAccount (raAccount, uLedgerMin, uLedgerMax, bForward, resumeToken, limit, mRole == Config::ADMIN);
for (std::vector< std::pair<Transaction::pointer, TransactionMetaSet::pointer> >::iterator it = txns.begin (), end = txns.end (); it != end; ++it)
{
@@ -2275,7 +2240,7 @@ Json::Value RPCHandler::doTxAccount (Json::Value params, LoadType* loadType, App
// secret: <string> // optional
// }
//
// This command requires admin access because it makes no sense to ask an untrusted server for this.
// This command requires Config::ADMIN access because it makes no sense to ask an untrusted server for this.
Json::Value RPCHandler::doValidationCreate (Json::Value params, LoadType* loadType, Application::ScopedLockType& masterLockHolder)
{
RippleAddress raSeed;
@@ -2488,9 +2453,9 @@ Json::Value RPCHandler::doWalletSeed (Json::Value params, LoadType* loadType, Ap
}
#if ENABLE_INSECURE
// TODO: for now this simply checks if this is the admin account
// TODO: for now this simply checks if this is the Config::ADMIN account
// TODO: need to prevent them hammering this over and over
// TODO: maybe a better way is only allow admin from local host
// TODO: maybe a better way is only allow Config::ADMIN from local host
// {
// username: <string>,
// password: <string>
@@ -3247,7 +3212,7 @@ Json::Value RPCHandler::doSubscribe (Json::Value params, LoadType* loadType, App
if (params.isMember ("url"))
{
if (mRole != ADMIN)
if (mRole != Config::ADMIN)
return rpcError (rpcNO_PERMISSION);
std::string strUrl = params["url"].asString ();
@@ -3534,7 +3499,7 @@ Json::Value RPCHandler::doUnsubscribe (Json::Value params, LoadType* loadType, A
if (params.isMember ("url"))
{
if (mRole != ADMIN)
if (mRole != Config::ADMIN)
return rpcError (rpcNO_PERMISSION);
std::string strUrl = params["url"].asString ();
@@ -3754,7 +3719,7 @@ Json::Value RPCHandler::doInternal (Json::Value params, LoadType* loadType, Appl
Json::Value RPCHandler::doCommand (const Json::Value& params, int iRole, LoadType* loadType)
{
if (iRole != ADMIN)
if (iRole != Config::ADMIN)
{
int jc = getApp().getJobQueue ().getJobCountGE (jtCLIENT);
@@ -3862,7 +3827,7 @@ Json::Value RPCHandler::doCommand (const Json::Value& params, int iRole, LoadTyp
{
return rpcError (rpcUNKNOWN_COMMAND);
}
else if (commandsA[i].bAdminRequired && mRole != ADMIN)
else if (commandsA[i].bAdminRequired && mRole != Config::ADMIN)
{
return rpcError (rpcNO_PERMISSION);
}

12
modules/ripple_app/rpc/RPCHandler.h
View File

@@ -20,14 +20,6 @@ class InfoSub;
class RPCHandler
{
public:
enum
{
GUEST,
USER,
ADMIN,
FORBID
};
explicit RPCHandler (NetworkOPs* netOps);
RPCHandler (NetworkOPs* netOps, InfoSub::pointer infoSub);
@@ -185,8 +177,4 @@ private:
handler_t mHandler;
};
// VFALCO TODO tidy up this loose function
int iAdminGet (const Json::Value& jvRequest, const std::string& strRemoteIp);
#endif
// vim:ts=4

10
modules/ripple_app/websocket/WSConnection.h
View File

@@ -134,17 +134,17 @@ public:
RPCHandler mRPCHandler (&mNetwork, boost::dynamic_pointer_cast<InfoSub> (this->shared_from_this ()));
Json::Value jvResult (Json::objectValue);
int iRole = mHandler->getPublic ()
? RPCHandler::GUEST // Don't check on the public interface.
: iAdminGet (jvRequest, mRemoteIP);
Config::Role const role = mHandler->getPublic ()
? Config::GUEST // Don't check on the public interface.
: getConfig ().getAdminRole (jvRequest, mRemoteIP);
if (RPCHandler::FORBID == iRole)
if (Config::FORBID == role)
{
jvResult["result"] = rpcError (rpcFORBIDDEN);
}
else
{
jvResult["result"] = mRPCHandler.doCommand (jvRequest, iRole, &loadType);
jvResult["result"] = mRPCHandler.doCommand (jvRequest, role, &loadType);
}
// Debit/credit the load and see if we should include a warning.

61
modules/ripple_client/ripple_client.cpp
View File

@@ -4,61 +4,10 @@
*/
//==============================================================================
/** Add this to get the @ref ripple_client module.
#include "BeastConfig.h"
@file ripple_client.cpp
@ingroup ripple_client
*/
#include "../ripple_client/ripple_client.h"
/*
#include <set>
#include <boost/unordered_set.hpp>
#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>
#include "ripple_client.h"
#include "../ripple_basics/ripple_basics.h"
#include "../ripple_data/ripple_data.h"
*/
/*
#include "src/cpp/ripple/ripple_InfoSub.h"
// Order and indentation reflect the hierarchy of dependencies
// VFALCO NOTE Don't add anything here!!!
#include "src/cpp/ripple/ripple_HashedObject.h"
#include "src/cpp/ripple/ripple_SHAMapItem.h"
#include "src/cpp/ripple/ripple_SHAMapNode.h"
#include "src/cpp/ripple/ripple_SHAMapAddNode.h"
#include "src/cpp/ripple/ripple_SHAMapMissingNode.h"
#include "src/cpp/ripple/ripple_SHAMapTreeNode.h"
#include "src/cpp/ripple/ripple_SHAMapSyncFilter.h"
#include "src/cpp/ripple/ripple_SHAMap.h"
#include "src/cpp/ripple/ripple_SerializedTransaction.h"
#include "src/cpp/ripple/ripple_SerializedLedger.h"
#include "src/cpp/ripple/TransactionMeta.h"
#include "src/cpp/ripple/Transaction.h"
#include "src/cpp/ripple/ripple_AccountState.h"
#include "src/cpp/ripple/ripple_NicknameState.h"
#include "src/cpp/ripple/Ledger.h"
#include "src/cpp/ripple/ripple_LedgerEntrySet.h"
#include "src/cpp/ripple/TransactionEngine.h"
#include "src/cpp/ripple/ripple_ILoadManager.h"
#include "src/cpp/ripple/ripple_Peer.h"
#include "src/cpp/ripple/ripple_PeerSet.h"
#include "src/cpp/ripple/ripple_InboundLedger.h"
#include "src/cpp/ripple/ripple_LedgerHistory.h"
#include "src/cpp/ripple/ripple_CanonicalTXSet.h"
#include "src/cpp/ripple/LedgerMaster.h"
#include "src/cpp/ripple/ripple_InfoSub.h"
#include "src/cpp/ripple/SerializedValidation.h"
#include "src/cpp/ripple/LedgerProposal.h"
#include "src/cpp/ripple/ripple_AcceptedLedgerTx.h"
#include "src/cpp/ripple/NetworkOPs.h"
#include "src/cpp/ripple/ripple_IApplication.h"
//#include "src/cpp/ripple/NetworkOPs.cpp"
*/
namespace ripple
{
}

40
modules/ripple_core/functional/ripple_Config.cpp
View File

@@ -579,3 +579,43 @@ void Config::setRpcIpAndOptionalPort (std::string const& newAddress)
}
}
//------------------------------------------------------------------------------
Config::Role Config::getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const
{
Config::Role role;
bool bPasswordSupplied = params.isMember ("admin_user") || params.isMember ("admin_password");
bool bPasswordRequired = !this->RPC_ADMIN_USER.empty () || !this->RPC_ADMIN_PASSWORD.empty ();
bool bPasswordWrong = bPasswordSupplied
? bPasswordRequired
// Supplied, required, and incorrect.
? this->RPC_ADMIN_USER != (params.isMember ("admin_user") ? params["admin_user"].asString () : "")
|| this->RPC_ADMIN_PASSWORD != (params.isMember ("admin_user") ? params["admin_password"].asString () : "")
// Supplied and not required.
: true
: false;
// Meets IP restriction for admin.
bool bAdminIP = false;
BOOST_FOREACH (const std::string & strAllowIp, this->RPC_ADMIN_ALLOW)
{
if (strAllowIp == strRemoteIp)
bAdminIP = true;
}
if (bPasswordWrong // Wrong
|| (bPasswordSupplied && !bAdminIP)) // Supplied and doesn't meet IP filter.
{
role = Config::FORBID;
}
// If supplied, password is correct.
else
{
// Allow admin, if from admin IP and no password is required or it was supplied and correct.
role = bAdminIP && (!bPasswordRequired || bPasswordSupplied) ? Config::ADMIN : Config::GUEST;
}
return role;
}

21
modules/ripple_core/functional/ripple_Config.h
View File

@@ -216,41 +216,31 @@ public:
//
public:
/** Get the client or server RPC IP address.
@note The string may not always be in a valid parsable state.
@return A string representing the address.
*/
std::string getRpcIP () const { return m_rpcIP; }
/** Get the client or server RPC port number.
@note The port number may be invalid (out of range or zero)
@return The RPC port number.
*/
int getRpcPort () const { return m_rpcPort; }
/** Set the client or server RPC IP and optional port.
@note The string is not syntax checked.
@param newAddress A string in the format <ip-address>[':'<port-number>]
*/
void setRpcIpAndOptionalPort (std::string const& newAddress);
/** Set the client or server RPC IP.
@note The string is not syntax-checked.
@param newIP A string representing the IP address to use.
*/
void setRpcIP (std::string const& newIP) { m_rpcIP = newIP; }
/** Set the client or server RPC port number.
@note The port number is not range checked.
@param newPort The RPC port number to use.
*/
void setRpcPort (int newPort) { m_rpcPort = newPort; }
@@ -266,6 +256,17 @@ public:
return s;
}
/** Determine the level of administrative permission to grant.
*/
enum Role
{
GUEST,
USER,
ADMIN,
FORBID
};
Role getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const;
private:
std::string m_rpcIP;
// VFALCO TODO This should be a short.