From 40b556d3742a1f65d67e2d4c760d0b13fe8be5b7 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 23 Jan 2015 07:53:17 +0100 Subject: evhttpd implementation - *Replace usage of boost::asio with [libevent2](http://libevent.org/)*. boost::asio is not part of C++11, so unlike other boost there is no forwards-compatibility reason to stick with it. Together with #4738 (convert json_spirit to UniValue), this rids Bitcoin Core of the worst offenders with regard to compile-time slowness. - *Replace spit-and-duct-tape http server with evhttp*. Front-end http handling is handled by libevent, a work queue (with configurable depth and parallelism) is used to handle application requests. - *Wrap HTTP request in C++ class*; this makes the application code mostly HTTP-server-neutral - *Refactor RPC to move all http-specific code to a separate file*. Theoreticaly this can allow building without HTTP server but with another RPC backend, e.g. Qt's debug console (currently not implemented) or future RPC mechanisms people may want to use. - *HTTP dispatch mechanism*; services (e.g., RPC, REST) register which URL paths they want to handle. By using a proven, high-performance asynchronous networking library (also used by Tor) and HTTP server, problems such as #5674, #5655, #344 should be avoided. What works? bitcoind, bitcoin-cli, bitcoin-qt. Unit tests and RPC/REST tests pass. The aim for now is everything but SSL support. Configuration options: - `-rpcthreads`: repurposed as "number of work handler threads". Still defaults to 4. - `-rpcworkqueue`: maximum depth of work queue. When this is reached, new requests will return a 500 Internal Error. - `-rpctimeout`: inactivity time, in seconds, after which to disconnect a client. - `-debug=http`: low-level http activity logging --- src/httprpc.cpp | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 src/httprpc.cpp (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp new file mode 100644 index 000000000..570beadc5 --- /dev/null +++ b/src/httprpc.cpp @@ -0,0 +1,201 @@ +#include "httprpc.h" + +#include "base58.h" +#include "chainparams.h" +#include "httpserver.h" +#include "rpcprotocol.h" +#include "rpcserver.h" +#include "random.h" +#include "sync.h" +#include "util.h" +#include "utilstrencodings.h" +#include "ui_interface.h" + +#include // boost::trim + +/** Simple one-shot callback timer to be used by the RPC mechanism to e.g. + * re-lock the wellet. + */ +class HTTPRPCTimer : public RPCTimerBase +{ +public: + HTTPRPCTimer(struct event_base* eventBase, boost::function& func, int64_t seconds) : ev(eventBase, false, new Handler(func)) + { + struct timeval tv = {seconds, 0}; + ev.trigger(&tv); + } +private: + HTTPEvent ev; + + class Handler : public HTTPClosure + { + public: + Handler(const boost::function& func) : func(func) + { + } + private: + boost::function func; + void operator()() { func(); } + }; +}; + +class HTTPRPCTimerInterface : public RPCTimerInterface +{ +public: + HTTPRPCTimerInterface(struct event_base* base) : base(base) + { + } + const char* Name() + { + return "HTTP"; + } + RPCTimerBase* NewTimer(boost::function& func, int64_t seconds) + { + return new HTTPRPCTimer(base, func, seconds); + } +private: + struct event_base* base; +}; + + +/* Pre-base64-encoded authentication token */ +static std::string strRPCUserColonPass; +/* Stored RPC timer interface (for unregistration) */ +static HTTPRPCTimerInterface* httpRPCTimerInterface = 0; + +static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const UniValue& id) +{ + // Send error reply from json-rpc error object + int nStatus = HTTP_INTERNAL_SERVER_ERROR; + int code = find_value(objError, "code").get_int(); + + if (code == RPC_INVALID_REQUEST) + nStatus = HTTP_BAD_REQUEST; + else if (code == RPC_METHOD_NOT_FOUND) + nStatus = HTTP_NOT_FOUND; + + std::string strReply = JSONRPCReply(NullUniValue, objError, id); + + req->WriteHeader("Content-Type", "application/json"); + req->WriteReply(nStatus, strReply); +} + +static bool RPCAuthorized(const std::string& strAuth) +{ + if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called + return false; + if (strAuth.substr(0, 6) != "Basic ") + return false; + std::string strUserPass64 = strAuth.substr(6); + boost::trim(strUserPass64); + std::string strUserPass = DecodeBase64(strUserPass64); + return TimingResistantEqual(strUserPass, strRPCUserColonPass); +} + +static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) +{ + // JSONRPC handles only POST + if (req->GetRequestMethod() != HTTPRequest::POST) { + req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests"); + return false; + } + // Check authorization + std::pair authHeader = req->GetHeader("authorization"); + if (!authHeader.first) { + req->WriteReply(HTTP_UNAUTHORIZED); + return false; + } + + if (!RPCAuthorized(authHeader.second)) { + LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); + + /* Deter brute-forcing + If this results in a DoS the user really + shouldn't have their RPC port exposed. */ + MilliSleep(250); + + req->WriteReply(HTTP_UNAUTHORIZED); + return false; + } + + JSONRequest jreq; + try { + // Parse request + UniValue valRequest; + if (!valRequest.read(req->ReadBody())) + throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); + + std::string strReply; + // singleton request + if (valRequest.isObject()) { + jreq.parse(valRequest); + + UniValue result = tableRPC.execute(jreq.strMethod, jreq.params); + + // Send reply + strReply = JSONRPCReply(result, NullUniValue, jreq.id); + + // array of requests + } else if (valRequest.isArray()) + strReply = JSONRPCExecBatch(valRequest.get_array()); + else + throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error"); + + req->WriteHeader("Content-Type", "application/json"); + req->WriteReply(HTTP_OK, strReply); + } catch (const UniValue& objError) { + JSONErrorReply(req, objError, jreq.id); + return false; + } catch (const std::exception& e) { + JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id); + return false; + } + return true; +} + +static bool InitRPCAuthentication() +{ + if (mapArgs["-rpcpassword"] == "") + { + LogPrintf("No rpcpassword set - using random cookie authentication\n"); + if (!GenerateAuthCookie(&strRPCUserColonPass)) { + uiInterface.ThreadSafeMessageBox( + _("Error: A fatal internal error occurred, see debug.log for details"), // Same message as AbortNode + "", CClientUIInterface::MSG_ERROR); + return false; + } + } else { + strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; + } + return true; +} + +bool StartHTTPRPC() +{ + LogPrint("rpc", "Starting HTTP RPC server\n"); + if (!InitRPCAuthentication()) + return false; + + RegisterHTTPHandler("/", true, HTTPReq_JSONRPC); + + assert(EventBase()); + httpRPCTimerInterface = new HTTPRPCTimerInterface(EventBase()); + RPCRegisterTimerInterface(httpRPCTimerInterface); + return true; +} + +void InterruptHTTPRPC() +{ + LogPrint("rpc", "Interrupting HTTP RPC server\n"); +} + +void StopHTTPRPC() +{ + LogPrint("rpc", "Stopping HTTP RPC server\n"); + UnregisterHTTPHandler("/", true); + if (httpRPCTimerInterface) { + RPCUnregisterTimerInterface(httpRPCTimerInterface); + delete httpRPCTimerInterface; + httpRPCTimerInterface = 0; + } +} -- cgit v1.2.3 From be33f3f50b7358bbad9e16bf730fac2ab3c4886b Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 28 Aug 2015 16:46:20 +0200 Subject: Implement RPCTimerHandler for Qt RPC console Implement RPCTimerHandler for Qt RPC console, so that `walletpassphrase` works with GUI and `-server=0`. Also simplify HTTPEvent-related code by using boost::function directly. --- src/httprpc.cpp | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 570beadc5..98ac750bb 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -19,24 +19,16 @@ class HTTPRPCTimer : public RPCTimerBase { public: - HTTPRPCTimer(struct event_base* eventBase, boost::function& func, int64_t seconds) : ev(eventBase, false, new Handler(func)) + HTTPRPCTimer(struct event_base* eventBase, boost::function& func, int64_t millis) : + ev(eventBase, false, func) { - struct timeval tv = {seconds, 0}; + struct timeval tv; + tv.tv_sec = millis/1000; + tv.tv_usec = (millis%1000)*1000; ev.trigger(&tv); } private: HTTPEvent ev; - - class Handler : public HTTPClosure - { - public: - Handler(const boost::function& func) : func(func) - { - } - private: - boost::function func; - void operator()() { func(); } - }; }; class HTTPRPCTimerInterface : public RPCTimerInterface @@ -49,9 +41,9 @@ public: { return "HTTP"; } - RPCTimerBase* NewTimer(boost::function& func, int64_t seconds) + RPCTimerBase* NewTimer(boost::function& func, int64_t millis) { - return new HTTPRPCTimer(base, func, seconds); + return new HTTPRPCTimer(base, func, millis); } private: struct event_base* base; -- cgit v1.2.3 From d52fbf00e32fb0565652c9a62cdaf2bc1e2dddf0 Mon Sep 17 00:00:00 2001 From: Gregory Sanders Date: Wed, 11 Nov 2015 10:49:32 -0500 Subject: Added additional config option for multiple RPC users. --- src/httprpc.cpp | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 98ac750bb..2920aa26f 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -10,8 +10,12 @@ #include "util.h" #include "utilstrencodings.h" #include "ui_interface.h" +#include "crypto/hmac_sha256.h" +#include +#include "utilstrencodings.h" #include // boost::trim +#include //BOOST_FOREACH /** Simple one-shot callback timer to be used by the RPC mechanism to e.g. * re-lock the wellet. @@ -72,6 +76,50 @@ static void JSONErrorReply(HTTPRequest* req, const UniValue& objError, const Uni req->WriteReply(nStatus, strReply); } +//This function checks username and password against -rpcauth +//entries from config file. +static bool multiUserAuthorized(std::string strUserPass) +{ + if (strUserPass.find(":") == std::string::npos) { + return false; + } + std::string strUser = strUserPass.substr(0, strUserPass.find(":")); + std::string strPass = strUserPass.substr(strUserPass.find(":") + 1); + + if (mapMultiArgs.count("-rpcauth") > 0) { + //Search for multi-user login/pass "rpcauth" from config + BOOST_FOREACH(std::string strRPCAuth, mapMultiArgs["-rpcauth"]) + { + std::vector vFields; + boost::split(vFields, strRPCAuth, boost::is_any_of(":$")); + if (vFields.size() != 3) { + //Incorrect formatting in config file + continue; + } + + std::string strName = vFields[0]; + if (!TimingResistantEqual(strName, strUser)) { + continue; + } + + std::string strSalt = vFields[1]; + std::string strHash = vFields[2]; + + unsigned int KEY_SIZE = 32; + unsigned char *out = new unsigned char[KEY_SIZE]; + + CHMAC_SHA256(reinterpret_cast(strSalt.c_str()), strSalt.size()).Write(reinterpret_cast(strPass.c_str()), strPass.size()).Finalize(out); + std::vector hexvec(out, out+KEY_SIZE); + std::string strHashFromPass = HexStr(hexvec); + + if (TimingResistantEqual(strHashFromPass, strHash)) { + return true; + } + } + } + return false; +} + static bool RPCAuthorized(const std::string& strAuth) { if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called @@ -81,7 +129,12 @@ static bool RPCAuthorized(const std::string& strAuth) std::string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64); - return TimingResistantEqual(strUserPass, strRPCUserColonPass); + + //Check if authorized under single-user field + if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { + return true; + } + return multiUserAuthorized(strUserPass); } static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) @@ -157,6 +210,7 @@ static bool InitRPCAuthentication() return false; } } else { + LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation."); strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; } return true; -- cgit v1.2.3 From fa60d05a4e194b9e3d2991ee2636c40c68737052 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Mon, 5 Jan 2015 21:40:24 +0100 Subject: Add missing copyright headers --- src/httprpc.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 2920aa26f..4739fa8e2 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -1,3 +1,7 @@ +// Copyright (c) 2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + #include "httprpc.h" #include "base58.h" -- cgit v1.2.3 From 8a7f0001be88122256b1a8dc29b066210dc85625 Mon Sep 17 00:00:00 2001 From: Jonas Schnelli Date: Fri, 8 Jan 2016 11:03:52 +0100 Subject: [RPC] remove the option of having multiple timer interfaces --- src/httprpc.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 2920aa26f..1466dc0cb 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -226,7 +226,7 @@ bool StartHTTPRPC() assert(EventBase()); httpRPCTimerInterface = new HTTPRPCTimerInterface(EventBase()); - RPCRegisterTimerInterface(httpRPCTimerInterface); + RPCSetTimerInterface(httpRPCTimerInterface); return true; } @@ -240,7 +240,7 @@ void StopHTTPRPC() LogPrint("rpc", "Stopping HTTP RPC server\n"); UnregisterHTTPHandler("/", true); if (httpRPCTimerInterface) { - RPCUnregisterTimerInterface(httpRPCTimerInterface); + RPCUnsetTimerInterface(httpRPCTimerInterface); delete httpRPCTimerInterface; httpRPCTimerInterface = 0; } -- cgit v1.2.3 From a0eaff8a1d18ebba33cdea4cd1efaddeb55519e7 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Fri, 15 Jan 2016 11:55:17 +1100 Subject: move rpc* to rpc/ --- src/httprpc.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 1466dc0cb..e7c28238b 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -3,8 +3,8 @@ #include "base58.h" #include "chainparams.h" #include "httpserver.h" -#include "rpcprotocol.h" -#include "rpcserver.h" +#include "rpc/protocol.h" +#include "rpc/server.h" #include "random.h" #include "sync.h" #include "util.h" -- cgit v1.2.3 From 7c06fbd8f58058d77c3e9da841811201d2e45e92 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Fri, 5 Feb 2016 10:45:50 +0100 Subject: rpc: Add WWW-Authenticate header to 401 response A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how. WWW-Authenticate: Basic realm="jsonrpc" Fixes #7462. --- src/httprpc.cpp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 432a5c079..a447a3eff 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -21,6 +21,9 @@ #include // boost::trim #include //BOOST_FOREACH +/** WWW-Authenticate to present with 401 Unauthorized response */ +static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\""; + /** Simple one-shot callback timer to be used by the RPC mechanism to e.g. * re-lock the wellet. */ @@ -151,6 +154,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) // Check authorization std::pair authHeader = req->GetHeader("authorization"); if (!authHeader.first) { + req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA); req->WriteReply(HTTP_UNAUTHORIZED); return false; } @@ -163,6 +167,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) shouldn't have their RPC port exposed. */ MilliSleep(250); + req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA); req->WriteReply(HTTP_UNAUTHORIZED); return false; } -- cgit v1.2.3 From fa266524592cc18c789cc587d738fb0e548fd23a Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sun, 28 Feb 2016 22:42:26 +0100 Subject: Make sure LogPrintf strings are line-terminated --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index a447a3eff..04d3386e9 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -219,7 +219,7 @@ static bool InitRPCAuthentication() return false; } } else { - LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation."); + LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation.\n"); strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; } return true; -- cgit v1.2.3 From ff8d279a78fef40224665353624771cd970c6095 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Jan=C3=ADk?= Date: Fri, 27 May 2016 08:00:56 +0200 Subject: Do not shadow member variables --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 04d3386e9..6a6c5276c 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -45,7 +45,7 @@ private: class HTTPRPCTimerInterface : public RPCTimerInterface { public: - HTTPRPCTimerInterface(struct event_base* base) : base(base) + HTTPRPCTimerInterface(struct event_base* _base) : base(_base) { } const char* Name() -- cgit v1.2.3 From 69d1c25768a8649bfc7eb8e9c35b8fe9874ac9fc Mon Sep 17 00:00:00 2001 From: Jonas Schnelli Date: Thu, 22 Sep 2016 09:46:41 +0200 Subject: [RPC] Give RPC commands more information about the RPC request --- src/httprpc.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 6a6c5276c..54651911a 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -172,19 +172,22 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - JSONRequest jreq; + JSONRPCRequest jreq; try { // Parse request UniValue valRequest; if (!valRequest.read(req->ReadBody())) throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); + // Set the URI + jreq.URI = req->GetURI(); + std::string strReply; // singleton request if (valRequest.isObject()) { jreq.parse(valRequest); - UniValue result = tableRPC.execute(jreq.strMethod, jreq.params); + UniValue result = tableRPC.execute(jreq); // Send reply strReply = JSONRPCReply(result, NullUniValue, jreq.id); -- cgit v1.2.3 From e7156ad61be2fe935fdb64e9d0e877fa0e9f7f9e Mon Sep 17 00:00:00 2001 From: Jonas Schnelli Date: Thu, 22 Sep 2016 09:58:13 +0200 Subject: [RPC] pass HTTP basic authentication username to the JSONRequest object --- src/httprpc.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 54651911a..e35acb6cd 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass) return false; } -static bool RPCAuthorized(const std::string& strAuth) +static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) { if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called return false; @@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth) std::string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64); - + + if (strUserPass.find(":") != std::string::npos) + strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":")); + //Check if authorized under single-user field if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { return true; @@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - if (!RPCAuthorized(authHeader.second)) { + JSONRPCRequest jreq; + if (!RPCAuthorized(authHeader.second, jreq.authUser)) { LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); /* Deter brute-forcing @@ -172,7 +176,6 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - JSONRPCRequest jreq; try { // Parse request UniValue valRequest; -- cgit v1.2.3 From 2b5f085ad11b4b354f48d77e66698fa386c8abbd Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 29 Nov 2016 16:50:49 -0800 Subject: Fix non-const mapMultiArgs[] access after init. Swap mapMultiArgs for a const-reference to a _mapMultiArgs which is only accessed in util.cpp --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index e35acb6cd..049a3f19a 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -95,7 +95,7 @@ static bool multiUserAuthorized(std::string strUserPass) if (mapMultiArgs.count("-rpcauth") > 0) { //Search for multi-user login/pass "rpcauth" from config - BOOST_FOREACH(std::string strRPCAuth, mapMultiArgs["-rpcauth"]) + BOOST_FOREACH(std::string strRPCAuth, mapMultiArgs.at("-rpcauth")) { std::vector vFields; boost::split(vFields, strRPCAuth, boost::is_any_of(":$")); -- cgit v1.2.3 From 4cd373aea8d20356727f7d65e0bc818beb6523dc Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Tue, 29 Nov 2016 18:45:24 -0800 Subject: Un-expose mapArgs from utils.h --- src/httprpc.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 049a3f19a..970ce2db7 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -215,7 +215,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) static bool InitRPCAuthentication() { - if (mapArgs["-rpcpassword"] == "") + if (GetArg("-rpcpassword", "") == "") { LogPrintf("No rpcpassword set - using random cookie authentication\n"); if (!GenerateAuthCookie(&strRPCUserColonPass)) { @@ -226,7 +226,7 @@ static bool InitRPCAuthentication() } } else { LogPrintf("Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation.\n"); - strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"]; + strRPCUserColonPass = GetArg("-rpcuser", "") + ":" + GetArg("-rpcpassword", ""); } return true; } -- cgit v1.2.3 From 27765b6403cece54320374b37afb01a0cfe571c3 Mon Sep 17 00:00:00 2001 From: isle2983 Date: Sat, 31 Dec 2016 11:01:21 -0700 Subject: Increment MIT Licence copyright header year on files modified in 2016 Edited via: $ contrib/devtools/copyright_header.py update . --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 970ce2db7..742ff2b8f 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -1,4 +1,4 @@ -// Copyright (c) 2015 The Bitcoin Core developers +// Copyright (c) 2015-2016 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. -- cgit v1.2.3 From 99f001eb52dda703bd326833430054b108de35a1 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Tue, 10 Jan 2017 15:05:35 -0800 Subject: Fix memory leak in multiUserAuthorized --- src/httprpc.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 742ff2b8f..93beda09a 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -113,8 +113,8 @@ static bool multiUserAuthorized(std::string strUserPass) std::string strHash = vFields[2]; unsigned int KEY_SIZE = 32; - unsigned char *out = new unsigned char[KEY_SIZE]; - + unsigned char out[KEY_SIZE]; + CHMAC_SHA256(reinterpret_cast(strSalt.c_str()), strSalt.size()).Write(reinterpret_cast(strPass.c_str()), strPass.size()).Finalize(out); std::vector hexvec(out, out+KEY_SIZE); std::string strHashFromPass = HexStr(hexvec); -- cgit v1.2.3 From cc16d99f1dc8305b1b255f1cc0f2b1516aa77ed0 Mon Sep 17 00:00:00 2001 From: practicalswift Date: Wed, 18 Jan 2017 16:15:37 +0100 Subject: [trivial] Fix typos in comments --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 93beda09a..daac7a0f1 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -25,7 +25,7 @@ static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\""; /** Simple one-shot callback timer to be used by the RPC mechanism to e.g. - * re-lock the wellet. + * re-lock the wallet. */ class HTTPRPCTimer : public RPCTimerBase { -- cgit v1.2.3 From f873564231d694b47e6e7e5430f4e0785a036664 Mon Sep 17 00:00:00 2001 From: Pieter Wuille Date: Fri, 17 Feb 2017 11:41:45 -0800 Subject: Make KEY_SIZE a compile-time constant Github-Pull: #9785 Rebased-From: 914fad155d9fc76b42b3a0414dd14b5ebc36062f --- src/httprpc.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/httprpc.cpp') diff --git a/src/httprpc.cpp b/src/httprpc.cpp index daac7a0f1..8ac6925ac 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -112,7 +112,7 @@ static bool multiUserAuthorized(std::string strUserPass) std::string strSalt = vFields[1]; std::string strHash = vFields[2]; - unsigned int KEY_SIZE = 32; + static const unsigned int KEY_SIZE = 32; unsigned char out[KEY_SIZE]; CHMAC_SHA256(reinterpret_cast(strSalt.c_str()), strSalt.size()).Write(reinterpret_cast(strPass.c_str()), strPass.size()).Finalize(out); -- cgit v1.2.3