From db53d4636d2ad7f4eda4970cdcd08d53b3025b52 Mon Sep 17 00:00:00 2001 From: amon Date: Fri, 2 Feb 2018 04:59:56 +0800 Subject: [PATCH] Added 'transfer' to the list of extended RPC methods in simplewallet requiring an explicit flag to enable these methods. Updated existing methods to throw an error informing the user that their request has been restricted when attempting to access extended methods without authorisation. --- src/Wallet/WalletRpcServer.cpp | 16 +++++++++++++++- src/Wallet/WalletRpcServerErrorCodes.h | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/src/Wallet/WalletRpcServer.cpp b/src/Wallet/WalletRpcServer.cpp index 5895e82525..3aece82733 100755 --- a/src/Wallet/WalletRpcServer.cpp +++ b/src/Wallet/WalletRpcServer.cpp @@ -106,12 +106,12 @@ void wallet_rpc_server::processRequest(const CryptoNote::HttpRequest& request, C static std::unordered_map s_methods = { { "getbalance", makeMemberMethod(&wallet_rpc_server::on_getbalance) }, - { "transfer", makeMemberMethod(&wallet_rpc_server::on_transfer) }, { "store", makeMemberMethod(&wallet_rpc_server::on_store) }, { "get_payments", makeMemberMethod(&wallet_rpc_server::on_get_payments) }, { "get_transfers", makeMemberMethod(&wallet_rpc_server::on_get_transfers) }, { "get_height", makeMemberMethod(&wallet_rpc_server::on_get_height) }, // below are the restricted methods, use --enable-extended-rpc + { "transfer", makeMemberMethod(&wallet_rpc_server::on_transfer) }, { "reset", makeMemberMethod(&wallet_rpc_server::on_reset) }, { "stop_wallet", makeMemberMethod(&wallet_rpc_server::on_stop_wallet) }, { "get_address", makeMemberMethod(&wallet_rpc_server::on_get_address) }, @@ -142,6 +142,11 @@ bool wallet_rpc_server::on_getbalance(const wallet_rpc::COMMAND_RPC_GET_BALANCE: } //------------------------------------------------------------------------------------------------------------------------------ bool wallet_rpc_server::on_transfer(const wallet_rpc::COMMAND_RPC_TRANSFER::request& req, wallet_rpc::COMMAND_RPC_TRANSFER::response& res) { + + if(!m_allow_extended_rpc) { + throw JsonRpc::JsonRpcError(WALLET_RPC_ERROR_METHOD_RESTRICTED, "Unable to invoke extended RPC method without explicit --allow-extended-rpc flag."); + } + std::vector transfers; for (auto it = req.destinations.begin(); it != req.destinations.end(); it++) { CryptoNote::WalletLegacyTransfer transfer; @@ -311,6 +316,9 @@ bool wallet_rpc_server::on_stop_wallet(const wallet_rpc::COMMAND_RPC_STOP::reque wallet_rpc_server::send_stop_signal(); } + else { + throw JsonRpc::JsonRpcError(WALLET_RPC_ERROR_METHOD_RESTRICTED, "Unable to invoke extended RPC method without explicit --allow-extended-rpc flag."); + } return true; } @@ -320,6 +328,9 @@ bool wallet_rpc_server::on_get_address(const wallet_rpc::COMMAND_RPC_GET_ADDRESS if(m_allow_extended_rpc) { res.address = m_wallet.getAddress(); } + else { + throw JsonRpc::JsonRpcError(WALLET_RPC_ERROR_METHOD_RESTRICTED, "Unable to invoke extended RPC method without explicit --allow-extended-rpc flag."); + } return true; } @@ -332,6 +343,9 @@ bool wallet_rpc_server::on_view_keys(const wallet_rpc::COMMAND_RPC_VIEW_KEYS::re res.view_key = Common::podToHex(keys.viewSecretKey); res.spend_key = Common::podToHex(keys.spendSecretKey); } + else { + throw JsonRpc::JsonRpcError(WALLET_RPC_ERROR_METHOD_RESTRICTED, "Unable to invoke extended RPC method without explicit --allow-extended-rpc flag."); + } return true; } diff --git a/src/Wallet/WalletRpcServerErrorCodes.h b/src/Wallet/WalletRpcServerErrorCodes.h index b18ec574b7..0cbb2a1a66 100755 --- a/src/Wallet/WalletRpcServerErrorCodes.h +++ b/src/Wallet/WalletRpcServerErrorCodes.h @@ -23,3 +23,4 @@ #define WALLET_RPC_ERROR_CODE_DAEMON_IS_BUSY -3 #define WALLET_RPC_ERROR_CODE_GENERIC_TRANSFER_ERROR -4 #define WALLET_RPC_ERROR_CODE_WRONG_PAYMENT_ID -5 +#define WALLET_RPC_ERROR_METHOD_RESTRICTED -6