diff --git a/rippled-example.cfg b/rippled-example.cfg index 8305912cc..ef45147b7 100644 --- a/rippled-example.cfg +++ b/rippled-example.cfg @@ -107,7 +107,7 @@ # 1: Allow RPC connections from any IP. # # [rpc_admin_allow]: -# Specify an IP address required for admin access. +# Specify an list of IP addresses allowed to have admin access. One per line. # # Defaults to 127.0.0.1. # diff --git a/src/cpp/ripple/Config.cpp b/src/cpp/ripple/Config.cpp index 57fa18979..1eee97fba 100644 --- a/src/cpp/ripple/Config.cpp +++ b/src/cpp/ripple/Config.cpp @@ -187,6 +187,7 @@ Config::Config() LEDGER_CREATOR = false; RPC_ALLOW_REMOTE = false; + RPC_ADMIN_ALLOW.push_back("127.0.0.1"); PEER_SSL_CIPHER_LIST = DEFAULT_PEER_SSL_CIPHER_LIST; PEER_SCAN_INTERVAL_MIN = DEFAULT_PEER_SCAN_INTERVAL_MIN; @@ -307,7 +308,12 @@ void Config::load() if (sectionSingleB(secConfig, SECTION_PEER_PRIVATE, strTemp)) PEER_PRIVATE = boost::lexical_cast(strTemp); - (void) sectionSingleB(secConfig, SECTION_RPC_ADMIN_ALLOW, RPC_ADMIN_ALLOW); + smtTmp = sectionEntries(secConfig, SECTION_RPC_ADMIN_ALLOW); + if (smtTmp) + { + RPC_ADMIN_ALLOW = *smtTmp; + } + (void) sectionSingleB(secConfig, SECTION_RPC_ADMIN_PASSWORD, RPC_ADMIN_PASSWORD); (void) sectionSingleB(secConfig, SECTION_RPC_ADMIN_USER, RPC_ADMIN_USER); (void) sectionSingleB(secConfig, SECTION_RPC_IP, RPC_IP); diff --git a/src/cpp/ripple/Config.h b/src/cpp/ripple/Config.h index 1bc8e54d1..abb1c5662 100644 --- a/src/cpp/ripple/Config.h +++ b/src/cpp/ripple/Config.h @@ -113,7 +113,7 @@ public: // RPC parameters std::string RPC_IP; int RPC_PORT; - std::string RPC_ADMIN_ALLOW; + std::vector RPC_ADMIN_ALLOW; std::string RPC_ADMIN_PASSWORD; std::string RPC_ADMIN_USER; std::string RPC_PASSWORD; diff --git a/src/cpp/ripple/RPCHandler.cpp b/src/cpp/ripple/RPCHandler.cpp index 846e51a8f..ed5640c4a 100644 --- a/src/cpp/ripple/RPCHandler.cpp +++ b/src/cpp/ripple/RPCHandler.cpp 
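Review bot: In Config::load() the entries from `[rpc_admin_allow]` are copied into RPC_ADMIN_ALLOW with no validation, and iAdminGet later compares them to the peer address as plain strings. An entry with stray whitespace, a CIDR range or a hostname is therefore accepted at load time and then silently never matches. Parsing each entry as an IP address here (for example with `boost::asio::ip::address::from_string(entry, ec)`) and logging or rejecting anything that fails would surface such mistakes at startup. Separately, if sectionEntries returns a non-null but empty vector for a section header with no entries (not visible in this hunk), the 127.0.0.1 default set in the constructor is replaced by an empty list; that fails closed, but deserves a comment such as `// An empty [rpc_admin_allow] section leaves no address eligible for admin.` load() begins and ends outside the hunk.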
@@ -40,9 +40,13 @@ int iAdminGet(const Json::Value& jvRequest, const std::string& strRemoteIp) : true : false; // Meets IP restriction for admin. - bool bAdminIP = theConfig.RPC_ADMIN_ALLOW.empty() - ? strRemoteIp == "127.0.0.1" - : strRemoteIp == theConfig.RPC_ADMIN_ALLOW; + bool bAdminIP = false; + + BOOST_FOREACH(const std::string& strAllowIp, theConfig.RPC_ADMIN_ALLOW) + { + if (strAllowIp == strRemoteIp) + bAdminIP = true; + } if (bPasswordWrong // Wrong || (bPasswordSupplied && !bAdminIP)) // Supplied and doesn't meet IP filter.
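Review bot: The new loop in iAdminGet matches strRemoteIp against each RPC_ADMIN_ALLOW entry by exact string equality, so the admin decision depends on both sides being formatted identically. If the listener can report another textual form of the same address (an IPv4-mapped form such as `::ffff:127.0.0.1`, or a differently written IPv6 address), an allowed host is denied; comparing parsed addresses would avoid that, though how strRemoteIp is produced is not visible here. As a style point the loop keeps iterating after a match; `if (strAllowIp == strRemoteIp) { bAdminIP = true; break; }` or a single `std::find` over the vector reads more directly. A short comment that an empty list now means no address is allowed (the removed code fell back to 127.0.0.1) would document the behaviour change. The function body begins before the hunk and continues after it.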