diff options
Diffstat (limited to 'src/httprpc.cpp')
| -rw-r--r-- | src/httprpc.cpp | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/httprpc.cpp b/src/httprpc.cpp index 6a6c5276cc..e35acb6cd9 100644 --- a/src/httprpc.cpp +++ b/src/httprpc.cpp @@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass) return false; } -static bool RPCAuthorized(const std::string& strAuth) +static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) { if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called return false; @@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth) std::string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); std::string strUserPass = DecodeBase64(strUserPass64); - + + if (strUserPass.find(":") != std::string::npos) + strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":")); + //Check if authorized under single-user field if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) { return true; @@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - if (!RPCAuthorized(authHeader.second)) { + JSONRPCRequest jreq; + if (!RPCAuthorized(authHeader.second, jreq.authUser)) { LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString()); /* Deter brute-forcing @@ -172,19 +176,21 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &) return false; } - JSONRequest jreq; try { // Parse request UniValue valRequest; if (!valRequest.read(req->ReadBody())) throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); + // Set the URI + jreq.URI = req->GetURI(); + std::string strReply; // singleton request if (valRequest.isObject()) { jreq.parse(valRequest); - UniValue result = tableRPC.execute(jreq.strMethod, jreq.params); + UniValue result = tableRPC.execute(jreq); // Send reply strReply = JSONRPCReply(result, NullUniValue, jreq.id); |