diff options
Diffstat (limited to 'src/httprpc.cpp')
| -rw-r--r-- | src/httprpc.cpp | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 6b6849e59..de2437943 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -1,12 +1,12 @@ -// Copyright (c) 2015-2016 The Bitcoin Core developers +// Copyright (c) 2015-2017 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include <httprpc.h> -#include <base58.h> #include <chainparams.h> #include <httpserver.h> +#include <key_io.h> #include <rpc/protocol.h> #include <rpc/server.h> #include <random.h> @@ -17,6 +17,8 @@ #include <crypto/hmac_sha256.h> #include <stdio.h> +#include <memory> + #include <boost/algorithm/string.hpp> // boost::trim /** WWW-Authenticate to present with 401 Unauthorized response */ @@ -85,11 +87,11 @@ static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const Uni //entries from config file. static bool multiUserAuthorized(std::string strUserPass) { - if (strUserPass.find(":") == std::string::npos) { + if (strUserPass.find(':') == std::string::npos) { return false; } - std::string strUser = strUserPass.substr(0, strUserPass.find(":")); - std::string strPass = strUserPass.substr(strUserPass.find(":") + 1); + std::string strUser = strUserPass.substr(0, strUserPass.find(':')); + std::string strPass = strUserPass.substr(strUserPass.find(':') + 1); for (const std::string& strRPCAuth : gArgs.GetArgs("-rpcauth")) { //Search for multi-user login/pass "rpcauth" from config @@ -132,8 +134,8 @@ static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUserna boost::trim(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64); - if (strUserPass.find(":") != std::string::npos) - strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":")); + if (strUserPass.find(':') != std::string::npos) + strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':')); //Check if authorized under single-user field if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { @@ -158,8 +160,9 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) } JSONRPCRequest jreq; + jreq.peerAddr = req->GetPeer().ToString(); if (!RPCAuthorized(authHeader.second, jreq.authUser)) { - LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); + LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", jreq.peerAddr); /* Deter brute-forcing If this results in a DoS the user really @@ -252,6 +255,9 @@ void StopHTTPRPC() { LogPrint(BCLog::RPC, "Stopping HTTP RPC server\n"); UnregisterHTTPHandler("/", true); +#ifdef ENABLE_WALLET + UnregisterHTTPHandler("/wallet/", false); +#endif if (httpRPCTimerInterface) { RPCUnsetTimerInterface(httpRPCTimerInterface.get()); httpRPCTimerInterface.reset(); |