mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 12:02:48 +01:00
merge bitcoin#20461: Validate -rpcauth arguments
This commit is contained in:
parent
5cca21d73c
commit
700d494dc5
4
doc/release-notes-5112.md
Normal file
4
doc/release-notes-5112.md
Normal file
@ -0,0 +1,4 @@
|
||||
Updated settings
|
||||
----------------
|
||||
|
||||
- Passing an invalid `-rpcauth` argument now cause dashd to fail to start.
|
@ -68,6 +68,8 @@ private:
|
||||
static std::string strRPCUserColonPass;
|
||||
/* Stored RPC timer interface (for unregistration) */
|
||||
static std::unique_ptr<HTTPRPCTimerInterface> httpRPCTimerInterface;
|
||||
/* List of -rpcauth values */
|
||||
static std::vector<std::vector<std::string>> g_rpcauth;
|
||||
/* RPC Auth Whitelist */
|
||||
static std::map<std::string, std::set<std::string>> g_rpc_whitelist;
|
||||
static bool g_rpc_whitelist_default = false;
|
||||
@ -102,15 +104,7 @@ static bool multiUserAuthorized(std::string strUserPass)
|
||||
std::string strUser = strUserPass.substr(0, strUserPass.find(':'));
|
||||
std::string strPass = strUserPass.substr(strUserPass.find(':') + 1);
|
||||
|
||||
for (const std::string& strRPCAuth : gArgs.GetArgs("-rpcauth")) {
|
||||
//Search for multi-user login/pass "rpcauth" from config
|
||||
std::vector<std::string> vFields;
|
||||
boost::split(vFields, strRPCAuth, boost::is_any_of(":$"));
|
||||
if (vFields.size() != 3) {
|
||||
//Incorrect formatting in config file
|
||||
continue;
|
||||
}
|
||||
|
||||
for (const auto& vFields : g_rpcauth) {
|
||||
std::string strName = vFields[0];
|
||||
if (!TimingResistantEqual(strName, strUser)) {
|
||||
continue;
|
||||
@ -261,6 +255,16 @@ static bool InitRPCAuthentication()
|
||||
if (gArgs.GetArg("-rpcauth","") != "")
|
||||
{
|
||||
LogPrintf("Using rpcauth authentication.\n");
|
||||
for (const std::string& rpcauth : gArgs.GetArgs("-rpcauth")) {
|
||||
std::vector<std::string> fields;
|
||||
boost::split(fields, rpcauth, boost::is_any_of(":$"));
|
||||
if (fields.size() == 3) {
|
||||
g_rpcauth.push_back(fields);
|
||||
} else {
|
||||
LogPrintf("Invalid -rpcauth argument.\n");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
g_rpc_whitelist_default = gArgs.GetBoolArg("-rpcwhitelistdefault", gArgs.IsArgSet("-rpcwhitelist"));
|
||||
|
@ -198,11 +198,18 @@ class HTTPBasicsTest(BitcoinTestFramework):
|
||||
conn.close()
|
||||
|
||||
|
||||
self.log.info('Check that failure to write cookie file will abort the node gracefully')
|
||||
init_error = 'Error: Unable to start HTTP server. See debug log for details.'
|
||||
|
||||
self.log.info('Check -rpcauth are validated')
|
||||
# Empty -rpcauth= are ignored
|
||||
self.restart_node(0, extra_args=['-rpcauth='])
|
||||
self.stop_node(0)
|
||||
self.nodes[0].assert_start_raises_init_error(expected_msg=init_error, extra_args=['-rpcauth=foo'])
|
||||
self.nodes[0].assert_start_raises_init_error(expected_msg=init_error, extra_args=['-rpcauth=foo:bar'])
|
||||
|
||||
self.log.info('Check that failure to write cookie file will abort the node gracefully')
|
||||
cookie_file = os.path.join(get_datadir_path(self.options.tmpdir, 0), self.chain, '.cookie.tmp')
|
||||
os.mkdir(cookie_file)
|
||||
init_error = 'Error: Unable to start HTTP server. See debug log for details.'
|
||||
self.nodes[0].assert_start_raises_init_error(expected_msg=init_error)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user