diff options
| author | Jonas Schnelli <dev@jonasschnelli.ch> | 2016-09-22 09:58:13 +0200 |
|---|---|---|
| committer | Jonas Schnelli <dev@jonasschnelli.ch> | 2016-10-19 14:47:27 +0200 |
| commit | e7156ad61be2fe935fdb64e9d0e877fa0e9f7f9e (patch) | |
| tree | 19dcb95789fea3e6d168a7b2e1ecb7d66a5e006f /src | |
| parent | 69d1c25768a8649bfc7eb8e9c35b8fe9874ac9fc (diff) | |
| download | bitcoin-e7156ad61be2fe935fdb64e9d0e877fa0e9f7f9e.tar.xz | |
[RPC] pass HTTP basic authentication username to the JSONRequest object
Diffstat (limited to 'src')
| -rw-r--r-- | src/httprpc.cpp | 11 | ||||
| -rw-r--r-- | src/rest.cpp | 1 | ||||
| -rw-r--r-- | src/rpc/server.h | 3 |
3 files changed, 10 insertions, 5 deletions
diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 54651911aa..e35acb6cd9 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass) return false; } -static bool RPCAuthorized(const std::string& strAuth) +static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) { if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called return false; @@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth) std::string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64); - + + if (strUserPass.find(":") != std::string::npos) + strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":")); + //Check if authorized under single-user field if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { return true; @@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - if (!RPCAuthorized(authHeader.second)) { + JSONRPCRequest jreq; + if (!RPCAuthorized(authHeader.second, jreq.authUser)) { LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); /* Deter brute-forcing @@ -172,7 +176,6 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - JSONRPCRequest jreq; try { // Parse request UniValue valRequest; diff --git a/src/rest.cpp b/src/rest.cpp index 707dfe6987..b8b5420626 100644 --- a/src/rest.cpp +++ b/src/rest.cpp @@ -286,6 +286,7 @@ static bool rest_chaininfo(HTTPRequest* req, const std::string& strURIPart) switch (rf) { case RF_JSON: { JSONRPCRequest jsonRequest; + jsonRequest.params = UniValue(UniValue::VARR); UniValue chainInfoObject = getblockchaininfo(jsonRequest); string strJSON = chainInfoObject.write() + "\n"; req->WriteHeader("Content-Type", "application/json"); diff --git a/src/rpc/server.h b/src/rpc/server.h index d8b5097035..c59886222c 100644 --- a/src/rpc/server.h +++ b/src/rpc/server.h @@ -49,8 +49,9 @@ public: UniValue params; bool fHelp; std::string URI; + std::string authUser; - JSONRPCRequest() { id = NullUniValue; } + JSONRPCRequest() { id = NullUniValue; params = NullUniValue; fHelp = false; } void parse(const UniValue& valRequest); }; |