21 #include <boost/algorithm/string.hpp>
22 #include <boost/foreach.hpp>
25 static const char* WWW_AUTH_HEADER_DATA =
"Basic realm=\"jsonrpc\"";
33 HTTPRPCTimer(
struct event_base* eventBase, boost::function<
void(
void)>& func, int64_t millis) :
34 ev(eventBase, false, func)
37 tv.tv_sec = millis/1000;
38 tv.tv_usec = (millis%1000)*1000;
65 static std::string strRPCUserColonPass;
82 req->
WriteHeader(
"Content-Type",
"application/json");
88 static bool multiUserAuthorized(std::string strUserPass)
90 if (strUserPass.find(
":") == std::string::npos) {
93 std::string strUser = strUserPass.substr(0, strUserPass.find(
":"));
94 std::string strPass = strUserPass.substr(strUserPass.find(
":") + 1);
98 BOOST_FOREACH(std::string strRPCAuth,
mapMultiArgs.at(
"-rpcauth"))
100 std::vector<std::string> vFields;
101 boost::split(vFields, strRPCAuth, boost::is_any_of(
":$"));
102 if (vFields.size() != 3) {
107 std::string strName = vFields[0];
112 std::string strSalt = vFields[1];
113 std::string strHash = vFields[2];
115 static const unsigned int KEY_SIZE = 32;
116 unsigned char out[KEY_SIZE];
118 CHMAC_SHA256(
reinterpret_cast<const unsigned char*
>(strSalt.c_str()), strSalt.size()).
Write(
reinterpret_cast<const unsigned char*
>(strPass.c_str()), strPass.size()).
Finalize(out);
119 std::vector<unsigned char> hexvec(out, out+KEY_SIZE);
120 std::string strHashFromPass =
HexStr(hexvec);
130 static bool RPCAuthorized(
const std::string& strAuth, std::string& strAuthUsernameOut)
132 if (strRPCUserColonPass.empty())
134 if (strAuth.substr(0, 6) !=
"Basic ")
136 std::string strUserPass64 = strAuth.substr(6);
137 boost::trim(strUserPass64);
140 if (strUserPass.find(
":") != std::string::npos)
141 strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(
":"));
147 return multiUserAuthorized(strUserPass);
150 static bool HTTPReq_JSONRPC(
HTTPRequest* req,
const std::string &)
158 std::pair<bool, std::string> authHeader = req->
GetHeader(
"authorization");
159 if (!authHeader.first) {
160 req->
WriteHeader(
"WWW-Authenticate", WWW_AUTH_HEADER_DATA);
166 if (!RPCAuthorized(authHeader.second, jreq.
authUser)) {
174 req->
WriteHeader(
"WWW-Authenticate", WWW_AUTH_HEADER_DATA);
188 std::string strReply;
191 jreq.
parse(valRequest);
199 }
else if (valRequest.
isArray())
204 req->
WriteHeader(
"Content-Type",
"application/json");
206 }
catch (
const UniValue& objError) {
207 JSONErrorReply(req, objError, jreq.
id);
209 }
catch (
const std::exception& e) {
216 static bool InitRPCAuthentication()
218 if (
GetArg(
"-rpcpassword",
"") ==
"")
220 LogPrintf(
"No rpcpassword set - using random cookie authentication\n");
223 _(
"Error: A fatal internal error occurred, see debug.log for details"),
228 LogPrintf(
"Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation.\n");
229 strRPCUserColonPass =
GetArg(
"-rpcuser",
"") +
":" +
GetArg(
"-rpcpassword",
"");
236 LogPrint(
"rpc",
"Starting HTTP RPC server\n");
237 if (!InitRPCAuthentication())
250 LogPrint(
"rpc",
"Interrupting HTTP RPC server\n");
255 LogPrint(
"rpc",
"Stopping HTTP RPC server\n");
257 if (httpRPCTimerInterface) {
259 delete httpRPCTimerInterface;
260 httpRPCTimerInterface = 0;
boost::signals2::signal< bool(const std::string &message, const std::string &caption, unsigned int style), boost::signals2::last_value< bool > > ThreadSafeMessageBox
Show message box.
A hasher class for HMAC-SHA-512.
void Finalize(unsigned char hash[OUTPUT_SIZE])
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
UniValue execute(const JSONRPCRequest &request) const
Execute a method.
std::string ToString() const
void trigger(struct timeval *tv)
Trigger the event.
Simple one-shot callback timer to be used by the RPC mechanism to e.g.
HTTPRPCTimer(struct event_base *eventBase, boost::function< void(void)> &func, int64_t millis)
RPCTimerBase * NewTimer(boost::function< void(void)> &func, int64_t millis)
Factory function for timers.
const char * Name()
Implementation name.
HTTPRPCTimerInterface(struct event_base *_base)
void WriteReply(int nStatus, const std::string &strReply="")
Write HTTP reply.
std::string GetURI()
Get requested URI.
CService GetPeer()
Get CService (address:ip) for the origin of the http request.
std::pair< bool, std::string > GetHeader(const std::string &hdr)
Get the request header specified by hdr, or an empty string.
void WriteHeader(const std::string &hdr, const std::string &value)
Write output header.
std::string ReadBody()
Read request body.
RequestMethod GetRequestMethod()
Get request method.
void parse(const UniValue &valRequest)
Opaque base class for timers returned by NewTimerFunc.
bool read(const char *raw)
const UniValue & get_array() const
void InterruptHTTPRPC()
Interrupt HTTP RPC subsystem.
void StopHTTPRPC()
Stop HTTP RPC subsystem.
bool StartHTTPRPC()
Start HTTP RPC subsystem.
void UnregisterHTTPHandler(const std::string &prefix, bool exactMatch)
Unregister handler for prefix.
void RegisterHTTPHandler(const std::string &prefix, bool exactMatch, const HTTPRequestHandler &handler)
Register handler for prefix.
struct event_base * EventBase()
Return evhttp event base.
UniValue JSONRPCError(int code, const string &message)
bool GenerateAuthCookie(std::string *cookie_out)
Generate a new RPC authentication cookie and write it to disk.
string JSONRPCReply(const UniValue &result, const UniValue &error, const UniValue &id)
@ HTTP_INTERNAL_SERVER_ERROR
@ RPC_INVALID_REQUEST
Standard JSON-RPC 2.0 errors.
void RPCUnsetTimerInterface(RPCTimerInterface *iface)
Unset factory function for timers.
std::string JSONRPCExecBatch(const UniValue &vReq)
void RPCSetTimerInterface(RPCTimerInterface *iface)
Set the factory function for timers.
CClientUIInterface uiInterface
const UniValue & find_value(const UniValue &obj, const std::string &name)
const UniValue NullUniValue
std::string GetArg(const std::string &strArg, const std::string &strDefault)
Return string argument or default value.
const map< string, vector< string > > & mapMultiArgs
#define LogPrint(category,...)
std::string _(const char *psz)
Translation function: Call Translate signal on UI interface, which returns a boost::optional result.
vector< unsigned char > DecodeBase64(const char *p, bool *pfInvalid)
bool TimingResistantEqual(const T &a, const T &b)
Timing-attack-resistant comparison.
std::string HexStr(const T itbegin, const T itend, bool fSpaces=false)
void MilliSleep(int64_t n)