Pass IPAddress in getAdminRole

2025-12-06 17:27:52 +00:00 · 2014-01-27 12:51:15 -08:00
parent f295bb20a1
commit bac8d41954
8 changed files with 69 additions and 43 deletions
--- a/src/ripple_app/main/RPCHTTPServer.cpp
+++ b/src/ripple_app/main/RPCHTTPServer.cpp
@@ -153,7 +153,7 @@ public:
    void processSession (Job& job, HTTP::Session& session)
    {
        session.write (m_deprecatedHandler.processRequest (
-            session.content(), session.remoteAddress().withPort(0).to_string()));
+            session.content(), session.remoteAddress().withPort(0)));

        session.close();
    }
@@ -172,7 +172,7 @@ public:
    }

    // Stolen directly from RPCServerHandler
-    std::string processRequest (std::string const& request, std::string const& remoteAddress)
+    std::string processRequest (std::string const& request, IPAddress const& remoteIPAddress)
    {
        Json::Value jvRequest;
        {
@@ -187,14 +187,14 @@ public:
            }
        }

-        Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteAddress));
+        Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteIPAddress));

        Resource::Consumer usage;

        if (role == Config::ADMIN)
-            usage = m_resourceManager.newAdminEndpoint(remoteAddress);
+            usage = m_resourceManager.newAdminEndpoint (remoteIPAddress.to_string());
        else
-            usage = m_resourceManager.newInboundEndpoint(IPAddress::from_string(remoteAddress));
+            usage = m_resourceManager.newInboundEndpoint(remoteIPAddress);

        if (usage.disconnect ())
            return createResponse (503, "Server is overloaded");
--- a/src/ripple_app/rpc/RPCServerHandler.cpp
+++ b/src/ripple_app/rpc/RPCServerHandler.cpp
@@ -36,7 +36,7 @@ bool RPCServerHandler::isAuthorized (
    return HTTPAuthorized (headers);
 }

-std::string RPCServerHandler::processRequest (std::string const& request, std::string const& remoteAddress)
+std::string RPCServerHandler::processRequest (std::string const& request, IPAddress const& remoteIPAddress)
 {
    Json::Value jvRequest;
    {
@@ -50,15 +50,15 @@ std::string RPCServerHandler::processRequest (std::string const& request, std::s
            return createResponse (400, "Unable to parse request");
        }
    }
-
-    Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteAddress));
+    
+    Config::Role const role (getConfig ().getAdminRole (jvRequest, remoteIPAddress));

    Resource::Consumer usage;

    if (role == Config::ADMIN)
-        usage = m_resourceManager.newAdminEndpoint (remoteAddress);
+        usage = m_resourceManager.newAdminEndpoint (remoteIPAddress.to_string());
    else
-        usage = m_resourceManager.newInboundEndpoint (IPAddress::from_string (remoteAddress));
+        usage = m_resourceManager.newInboundEndpoint (remoteIPAddress);

    if (usage.disconnect ())
        return createResponse (503, "Server is overloaded");
--- a/src/ripple_app/rpc/RPCServerHandler.h
+++ b/src/ripple_app/rpc/RPCServerHandler.h
@@ -33,7 +33,7 @@ public:

    bool isAuthorized (std::map <std::string, std::string> const& headers);

-    std::string processRequest (std::string const& request, std::string const& remoteAddress);
+    std::string processRequest (std::string const& request, IPAddress const& remoteIPAddress);

 private:
    NetworkOPs& m_networkOPs;
--- a/src/ripple_app/websocket/WSConnection.cpp
+++ b/src/ripple_app/websocket/WSConnection.cpp
@@ -139,7 +139,7 @@ Json::Value WSConnection::invokeCommand (Json::Value& jvRequest)
    Config::Role const role = m_isPublic
            ? Config::GUEST     // Don't check on the public interface.
            : getConfig ().getAdminRole (
-                jvRequest, m_remoteAddress.withPort(0).to_string());
+                jvRequest, m_remoteAddress.withPort(0));
        
    if (Config::FORBID == role)
    {
--- a/src/ripple_core/functional/Config.cpp
+++ b/src/ripple_core/functional/Config.cpp
@@ -29,6 +29,43 @@
 #define DEFAULT_FEE_OFFER               DEFAULT_FEE_DEFAULT
 #define DEFAULT_FEE_OPERATION           1

+/** Parses a set of strings into IP::Endpoint
+      Strings which fail to parse are not included in the output. If a stream is
+      provided, human readable diagnostic error messages are written for each
+      failed parse.
+      @param out An OutputSequence to store the IP::Endpoint list
+      @param first The begining of the string input sequence
+      @param last The one-past-the-end of the string input sequence
+*/
+template <class OutputSequence, class InputIterator>
+void parseAddresses (OutputSequence& out, InputIterator first, InputIterator last,
+    Journal::Stream stream = Journal::Stream ())
+{
+    while (first != last)
+    {
+        typename std::iterator_traits <InputIterator>::value_type const& str (*first);
+        ++first;
+        {
+            IPAddress const addr (IPAddress::from_string (str));
+            if (! addr.empty ())
+            {
+                out.push_back (addr);
+                continue;
+            }
+        }
+        {
+            IPAddress const addr (IPAddress::from_string_altform (str));
+            if (! addr.empty ())
+            {
+                out.push_back (addr);
+                continue;
+            }
+        }
+        if (stream) stream <<
+            "Config: \"" << str << "\" is not a valid IP address.";
+    }
+}
+
 //------------------------------------------------------------------------------

 Config::Config ()
@@ -70,7 +107,7 @@ Config::Config ()
    LEDGER_CREATOR          = false;

    RPC_ALLOW_REMOTE        = false;
-    RPC_ADMIN_ALLOW.push_back ("127.0.0.1");
+    RPC_ADMIN_ALLOW.push_back (beast::IPAddress::from_string("127.0.0.1"));

    PEER_SSL_CIPHER_LIST    = DEFAULT_PEER_SSL_CIPHER_LIST;
    PEER_SCAN_INTERVAL_MIN  = DEFAULT_PEER_SCAN_INTERVAL_MIN;
@@ -322,7 +359,10 @@ void Config::load ()

            if (smtTmp)
            {
-                RPC_ADMIN_ALLOW = *smtTmp;
+                std::vector<IPAddress> parsedAddresses;
+                parseAddresses<std::vector<IPAddress>, std::vector<std::string>::const_iterator> 
+                    (parsedAddresses, (*smtTmp).cbegin(), (*smtTmp).cend());
+                RPC_ADMIN_ALLOW = parsedAddresses;
            }

            (void) SectionSingleB (secConfig, SECTION_RPC_ADMIN_PASSWORD, RPC_ADMIN_PASSWORD);
@@ -789,7 +829,7 @@ void Config::setRpcIpAndOptionalPort (std::string const& newAddress)

 //------------------------------------------------------------------------------

-Config::Role Config::getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const
+Config::Role Config::getAdminRole (Json::Value const& params, beast::IPAddress const& remoteIp) const
 {
    Config::Role role;
    bool    bPasswordSupplied   = params.isMember ("admin_user") || params.isMember ("admin_password");
@@ -824,9 +864,9 @@ Config::Role Config::getAdminRole (Json::Value const& params, std::string const&
    // Meets IP restriction for admin.
    bool    bAdminIP            = false;

-    BOOST_FOREACH (const std::string & strAllowIp, this->RPC_ADMIN_ALLOW)
+    BOOST_FOREACH (IPAddress const& addr, this->RPC_ADMIN_ALLOW)
    {
-        if (strAllowIp == strRemoteIp)
+        if (addr == remoteIp)
            bAdminIP    = true;
    }

--- a/src/ripple_core/functional/Config.h
+++ b/src/ripple_core/functional/Config.h
@@ -273,7 +273,7 @@ public:
        ADMIN,
        FORBID
    };
-    Role getAdminRole (Json::Value const& params, std::string const& strRemoteIp) const;
+    Role getAdminRole (Json::Value const& params, IPAddress const& remoteIp) const;

    /** Listening port number for peer connections. */
    int peerListeningPort;
@@ -423,13 +423,13 @@ public:
    std::string                 WEBSOCKET_SSL_KEY;

    // RPC parameters
-    std::vector<std::string>    RPC_ADMIN_ALLOW;
-    std::string                 RPC_ADMIN_PASSWORD;
-    std::string                 RPC_ADMIN_USER;
-    std::string                 RPC_PASSWORD;
-    std::string                 RPC_USER;
-    bool                        RPC_ALLOW_REMOTE;
-    Json::Value                 RPC_STARTUP;
+    std::vector<beast::IPAddress>   RPC_ADMIN_ALLOW;
+    std::string                     RPC_ADMIN_PASSWORD;
+    std::string                     RPC_ADMIN_USER;
+    std::string                     RPC_PASSWORD;
+    std::string                     RPC_USER;
+    bool                            RPC_ALLOW_REMOTE;
+    Json::Value                     RPC_STARTUP;

    int                         RPC_SECURE;
    std::string                 RPC_SSL_CERT;
--- a/src/ripple_net/basics/RPCServer.h
+++ b/src/ripple_net/basics/RPCServer.h
@@ -46,7 +46,7 @@ public:
            @param  request The RPC request string.
            @return         The server's response.
        */
-        virtual std::string processRequest (std::string const& request, std::string const& remoteAddress) = 0;
+        virtual std::string processRequest (std::string const& request, IPAddress const& remoteIPAddress) = 0;
    };

    virtual ~RPCServer () { }
--- a/src/ripple_net/basics/impl/RPCServerImp.h
+++ b/src/ripple_net/basics/impl/RPCServerImp.h
@@ -218,23 +218,9 @@ public:
    std::string handleRequest (const std::string& request)
    {
        WriteLog (lsTRACE, RPCServer) << "handleRequest " << request;
-
-        // Figure out the remote address.
-        // VFALCO TODO Clean up this try/catch nonsense.
-        //
-        std::string remoteAddress;
-
-        try
-        {
-            remoteAddress = mSocket.PlainSocket ().remote_endpoint ().address ().to_string ();
-        }
-        catch (...)
-        {
-            // endpoint already disconnected
-            return "";
-        }
-
-        return m_handler.processRequest (request, remoteAddress);
+    
+        return m_handler.processRequest (request, beast::IPAddressConversion::from_asio (
+           mSocket.PlainSocket ().remote_endpoint().address()));
    }

    //--------------------------------------------------------------------------