authorWladimir J. van der Laan <laanwj@gmail.com>2014-05-09 17:26:16 +0200
committerWladimir J. van der Laan <laanwj@gmail.com>2014-05-09 17:26:42 +0200
commit605d5b55582f00ea8a089fe632cd8a52e951126b (patch)
treec92db0c674fb1adf9f3a8f0c743547af1db59523 /src/rpcserver.cpp
parent8bcfccbc2de25e3b40d1c222d7c5d9991345a0aa (diff)
parent21bf3d257b88c45e2bb0b47e36e73d7462760c2c (diff)
Merge pull request #4102
21bf3d2 Add tests for BoostAsioToCNetAddr (Wladimir J. van der Laan) fdbd707 Remove unused function WildcardMatch (Wladimir J. van der Laan) ee21912 rpc: Use netmasks instead of wildcards for IP address matching (Wladimir J. van der Laan) e16be73 net: Add CSubNet class for subnet matching (Wladimir J. van der Laan) d864275 Use new function parseint32 in SplitHostPort (Wladimir J. van der Laan) 0d4ea1c util: add parseint32 function with strict error reporting (Wladimir J. van der Laan)
Diffstat (limited to 'src/rpcserver.cpp')
-rw-r--r--src/rpcserver.cpp62
1 files changed, 48 insertions, 14 deletions
diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp
index f78cb420f4..ac40ea7cf1 100644
--- a/src/rpcserver.cpp
+++ b/src/rpcserver.cpp
@@ -38,6 +38,7 @@ static map<string, boost::shared_ptr<deadline_timer> > deadlineTimers;
static ssl::context* rpc_ssl_context = NULL;
static boost::thread_group* rpc_worker_group = NULL;
static boost::asio::io_service::work *rpc_dummy_work = NULL;
+static std::vector<CSubNet> rpc_allow_subnets; //!< List of subnets to allow RPC connections from
void RPCTypeCheck(const Array& params,
const list<Value_type>& typesExpected,
@@ -358,25 +359,33 @@ void ErrorReply(std::ostream& stream, const Object& objError, const Value& id)
stream << HTTPReply(nStatus, strReply, false) << std::flush;
}
-bool ClientAllowed(const boost::asio::ip::address& address)
+CNetAddr BoostAsioToCNetAddr(boost::asio::ip::address address)
{
+ CNetAddr netaddr;
// Make sure that IPv4-compatible and IPv4-mapped IPv6 addresses are treated as IPv4 addresses
if (address.is_v6()
&& (address.to_v6().is_v4_compatible()
|| address.to_v6().is_v4_mapped()))
- return ClientAllowed(address.to_v6().to_v4());
-
- if (address == asio::ip::address_v4::loopback()
- || address == asio::ip::address_v6::loopback()
- || (address.is_v4()
- // Check whether IPv4 addresses match 127.0.0.0/8 (loopback subnet)
- && (address.to_v4().to_ulong() & 0xff000000) == 0x7f000000))
- return true;
-
- const string strAddress = address.to_string();
- const vector<string>& vAllow = mapMultiArgs["-rpcallowip"];
- BOOST_FOREACH(string strAllow, vAllow)
- if (WildcardMatch(strAddress, strAllow))
+ address = address.to_v6().to_v4();
+
+ if(address.is_v4())
+ {
+ boost::asio::ip::address_v4::bytes_type bytes = address.to_v4().to_bytes();
+ netaddr.SetRaw(NET_IPV4, &bytes[0]);
+ }
+ else
+ {
+ boost::asio::ip::address_v6::bytes_type bytes = address.to_v6().to_bytes();
+ netaddr.SetRaw(NET_IPV6, &bytes[0]);
+ }
+ return netaddr;
+}
+
+bool ClientAllowed(const boost::asio::ip::address& address)
+{
+ CNetAddr netaddr = BoostAsioToCNetAddr(address);
+ BOOST_FOREACH(const CSubNet &subnet, rpc_allow_subnets)
+ if (subnet.Match(netaddr))
return true;
return false;
}
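Review bot: The normalisation in BoostAsioToCNetAddr folds IPv4-compatible addresses (`::a.b.c.d`) into IPv4 as well as IPv4-mapped ones, so every IPv4 entry in `rpc_allow_subnets`, including the always-allowed `127.0.0.0/8`, also matches that deprecated form. IPv4 peers on a dual-stack socket are reported in the mapped form (`::ffff:a.b.c.d`), so the compatible branch looks unnecessary for an access-control decision. Consider narrowing the condition to `if (address.is_v6() && address.to_v6().is_v4_mapped())`, or add a comment explaining why both forms must be accepted. The behaviour predates this commit (the removed ClientAllowed did the same), but the function is now a standalone helper and should carry a comment saying that its result is what the allow list is matched against.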
@@ -502,6 +511,31 @@ static void RPCAcceptHandler(boost::shared_ptr< basic_socket_acceptor<Protocol,
void StartRPCThreads()
{
+ rpc_allow_subnets.clear();
+ rpc_allow_subnets.push_back(CSubNet("127.0.0.0/8")); // always allow IPv4 local subnet
+ rpc_allow_subnets.push_back(CSubNet("::1")); // always allow IPv6 localhost
+ if (mapMultiArgs.count("-rpcallowip"))
+ {
+ const vector<string>& vAllow = mapMultiArgs["-rpcallowip"];
+ BOOST_FOREACH(string strAllow, vAllow)
+ {
+ CSubNet subnet(strAllow);
+ if(!subnet.IsValid())
+ {
+ uiInterface.ThreadSafeMessageBox(
+ strprintf("Invalid -rpcallowip subnet specification: %s", strAllow),
+ "", CClientUIInterface::MSG_ERROR);
+ StartShutdown();
+ return;
+ }
+ rpc_allow_subnets.push_back(subnet);
+ }
+ }
+ std::string strAllowed;
+ BOOST_FOREACH(const CSubNet &subnet, rpc_allow_subnets)
+ strAllowed += subnet.ToString() + " ";
+ LogPrint("rpc", "Allowing RPC connections from: %s\n", strAllowed);
+
strRPCUserColonPass = mapArgs["-rpcuser"] + ":" + mapArgs["-rpcpassword"];
if (((mapArgs["-rpcpassword"] == "") ||
(mapArgs["-rpcuser"] == mapArgs["-rpcpassword"])) && Params().RequireRPCPassword())
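Review bot: The effective allow list is written with `LogPrint("rpc", ...)`, so it presumably reaches the log only when the rpc debug category is enabled. Because this list decides who may connect to the RPC port, it is worth logging unconditionally, e.g. `LogPrintf("Allowing RPC connections from: %s\n", strAllowed);`. Separately, configurations that still use the old wildcard syntax will presumably fail `IsValid()` and shut the node down, which is the right fail-closed outcome, but the error text could name the accepted address/netmask forms instead of only echoing the value. The loop also copies each entry (`BOOST_FOREACH(string strAllow, vAllow)`); `const string&` would match the `const CSubNet &` loop below it. StartRPCThreads continues past the end of this hunk.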