kvazar/kevacoin
1
0
Fork 0
mirror of https://github.com/kvazar-network/kevacoin.git synced 2025-01-30 16:54:19 +00:00
Code Issues Projects Releases Wiki Activity

[RPC] pass HTTP basic authentication username to the JSONRequest object

Browse Source
This commit is contained in:
Jonas Schnelli 2016-09-22 09:58:13 +02:00
parent 69d1c25768
commit e7156ad61b
No known key found for this signature in database
GPG Key ID: 29D4BCB6416F53EC
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/httprpc.cpp
View File

@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass)
return false; return false;
} }
static bool RPCAuthorized(const std::string& strAuth) static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
{ {
if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
return false; return false;
@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth)
std::string strUserPass64 = strAuth.substr(6); std::string strUserPass64 = strAuth.substr(6);
boost::trim(strUserPass64); boost::trim(strUserPass64);
std::string strUserPass = DecodeBase64(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64);
if (strUserPass.find(":") != std::string::npos)
strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":"));
//Check if authorized under single-user field //Check if authorized under single-user field
if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
return true; return true;
@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
return false; return false;
} }
if (!RPCAuthorized(authHeader.second)) { JSONRPCRequest jreq;
if (!RPCAuthorized(authHeader.second, jreq.authUser)) {
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
/* Deter brute-forcing /* Deter brute-forcing
@ -172,7 +176,6 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
return false; return false;
} }
JSONRPCRequest jreq;
try { try {
// Parse request // Parse request
UniValue valRequest; UniValue valRequest;

1
src/rest.cpp
View File

@ -286,6 +286,7 @@ static bool rest_chaininfo(HTTPRequest* req, const std::string& strURIPart)
switch (rf) { switch (rf) {
case RF_JSON: { case RF_JSON: {
JSONRPCRequest jsonRequest; JSONRPCRequest jsonRequest;
jsonRequest.params = UniValue(UniValue::VARR);
UniValue chainInfoObject = getblockchaininfo(jsonRequest); UniValue chainInfoObject = getblockchaininfo(jsonRequest);
string strJSON = chainInfoObject.write() + "\n"; string strJSON = chainInfoObject.write() + "\n";
req->WriteHeader("Content-Type", "application/json"); req->WriteHeader("Content-Type", "application/json");

3
src/rpc/server.h
View File

@ -49,8 +49,9 @@ public:
UniValue params; UniValue params;
bool fHelp; bool fHelp;
std::string URI; std::string URI;
std::string authUser;
JSONRPCRequest() { id = NullUniValue; } JSONRPCRequest() { id = NullUniValue; params = NullUniValue; fHelp = false; }
void parse(const UniValue& valRequest); void parse(const UniValue& valRequest);
}; };