gitea-mirror/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2026-01-16 23:01:54 -08:00
Code Issues Packages Projects Releases Wiki Activity

Add rpc-restricted-bind-ip option

Browse Source 
Fixes #6369
This commit is contained in:
Howard Chu
2020-10-28 23:47:42 +00:00
parent 8b3b106ad1
commit 65903d2cfc
4 changed files with 55 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/rpc/rpc_args.cpp
View File

@@ -91,6 +91,8 @@ namespace cryptonote
rpc_args::descriptors::descriptors()
: rpc_bind_ip({"rpc-bind-ip", rpc_args::tr("Specify IP to bind RPC server"), "127.0.0.1"})
, rpc_bind_ipv6_address({"rpc-bind-ipv6-address", rpc_args::tr("Specify IPv6 address to bind RPC server"), "::1"})
, rpc_restricted_bind_ip({"rpc-restricted-bind-ip", rpc_args::tr("Specify IP to bind restricted RPC server"), "127.0.0.1"})
, rpc_restricted_bind_ipv6_address({"rpc-restricted-bind-ipv6-address", rpc_args::tr("Specify IPv6 address to bind restricted RPC server"), "::1"})
, rpc_use_ipv6({"rpc-use-ipv6", rpc_args::tr("Allow IPv6 for RPC"), false})
, rpc_ignore_ipv4({"rpc-ignore-ipv4", rpc_args::tr("Ignore unsuccessful IPv4 bind for RPC"), false})
, rpc_login({"rpc-login", rpc_args::tr("Specify username[:password] required for RPC server"), "", true})
@@ -113,6 +115,8 @@ namespace cryptonote
const descriptors arg{};
command_line::add_arg(desc, arg.rpc_bind_ip);
command_line::add_arg(desc, arg.rpc_bind_ipv6_address);
command_line::add_arg(desc, arg.rpc_restricted_bind_ip);
command_line::add_arg(desc, arg.rpc_restricted_bind_ipv6_address);
command_line::add_arg(desc, arg.rpc_use_ipv6);
command_line::add_arg(desc, arg.rpc_ignore_ipv4);
command_line::add_arg(desc, arg.rpc_login);
@@ -136,6 +140,8 @@ namespace cryptonote
config.bind_ip = command_line::get_arg(vm, arg.rpc_bind_ip);
config.bind_ipv6_address = command_line::get_arg(vm, arg.rpc_bind_ipv6_address);
config.restricted_bind_ip = command_line::get_arg(vm, arg.rpc_restricted_bind_ip);
config.restricted_bind_ipv6_address = command_line::get_arg(vm, arg.rpc_restricted_bind_ipv6_address);
config.use_ipv6 = command_line::get_arg(vm, arg.rpc_use_ipv6);
config.require_ipv4 = !command_line::get_arg(vm, arg.rpc_ignore_ipv4);
config.disable_rpc_ban = command_line::get_arg(vm, arg.disable_rpc_ban);
@@ -188,6 +194,34 @@ namespace cryptonote
return boost::none;
}
}
if (!config.restricted_bind_ip.empty())
{
// always parse IP here for error consistency
boost::system::error_code ec{};
boost::asio::ip::address::from_string(config.restricted_bind_ip, ec);
if (ec)
{
LOG_ERROR(tr("Invalid IP address given for --") << arg.rpc_restricted_bind_ip.name);
return boost::none;
}
}
if (!config.restricted_bind_ipv6_address.empty())
{
// allow square braces, but remove them here if present
if (config.restricted_bind_ipv6_address.find('[') != std::string::npos)
{
config.restricted_bind_ipv6_address = config.restricted_bind_ipv6_address.substr(1, config.restricted_bind_ipv6_address.size() - 2);
}
// always parse IP here for error consistency
boost::system::error_code ec{};
boost::asio::ip::address::from_string(config.restricted_bind_ipv6_address, ec);
if (ec)
{
LOG_ERROR(tr("Invalid IP address given for --") << arg.rpc_restricted_bind_ipv6_address.name);
return boost::none;
}
}
const char *env_rpc_login = nullptr;
const bool has_rpc_arg = command_line::has_arg(vm, arg.rpc_login);