diff --git a/src/globals.h b/src/globals.h
--- a/src/globals.h
+++ b/src/globals.h
@@ -6,9 +6,18 @@
 #define BITCOIN_GLOBALS_H
 #include
+#include
 /** The largest block size this node will accept. */
 extern uint64_t nMaxBlockSize;
 extern uint64_t nBlockPriorityPercentage;
+/** RPC authentication configs */
+
+// Pre-base64-encoded authentication token, with user and password separated
+// by a colon.
+extern std::string rpcUserAndPassword;
+// CORS domain, the allowed Origin
+extern std::string rpcCORSDomain;
+
 #endif // BITCOIN_GLOBALS_H
diff --git a/src/globals.cpp b/src/globals.cpp
--- a/src/globals.cpp
+++ b/src/globals.cpp
@@ -9,3 +9,6 @@
 uint64_t nMaxBlockSize = DEFAULT_MAX_BLOCK_SIZE;
 uint64_t nBlockPriorityPercentage = DEFAULT_BLOCK_PRIORITY_PERCENTAGE;
+
+std::string rpcUserAndPassword;
+std::string rpcCORSDomain;
diff --git a/src/httprpc.cpp b/src/httprpc.cpp
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -8,6 +8,7 @@
 #include "chainparams.h"
 #include "config.h"
 #include "crypto/hmac_sha256.h"
+#include "globals.h"
 #include "httpserver.h"
 #include "random.h"
 #include "rpc/protocol.h"
@@ -55,12 +56,8 @@
 struct event_base *base;
 };
-/* Pre-base64-encoded authentication token */
-static std::string strRPCUserColonPass;
 /* Stored RPC timer interface (for unregistration) */
 static HTTPRPCTimerInterface *httpRPCTimerInterface = 0;
-/* RPC CORS Domain, allowed Origin */
-static std::string strRPCCORSDomain;
 static void JSONErrorReply(HTTPRequest *req, const UniValue &objError,
 const UniValue &id) {
@@ -128,7 +125,7 @@
 static bool RPCAuthorized(const std::string &strAuth,
 std::string &strAuthUsernameOut) {
 // Belt-and-suspenders measure if InitRPCAuthentication was not called.
- if (strRPCUserColonPass.empty()) {
+ if (rpcUserAndPassword.empty()) {
 return false;
 }
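Review bot: In the src/globals.h hunk, `rpcUserAndPassword` changes from a file-`static` in httprpc.cpp to an `extern std::string`, so every translation unit that includes globals.h can now read or overwrite the plaintext `user:password` (or cookie) value that `RPCAuthorized` compares against. If nothing outside httprpc.cpp needs the secret itself, keeping both strings `static` there and exporting only a narrow setter or check would preserve the old guarantee that `InitRPCAuthentication` is the sole writer. If the globals stay, the declaration should say so, e.g. `// Secret: plaintext "user:password" or cookie. Set once by InitRPCAuthentication(); never log or return it.` The same point covers the definitions in the src/globals.cpp hunk and the reads in the `RPCAuthorized` hunks, whose bodies continue outside the diff. Whether the assignment always completes before any HTTP worker reads the string is not visible here and should be confirmed.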
@@ -145,7 +142,7 @@
 }
 // Check if authorized under single-user field
- if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
+ if (TimingResistantEqual(strUserPass, rpcUserAndPassword)) {
 return true;
 }
 return multiUserAuthorized(strUserPass);
@@ -166,7 +163,7 @@
 // and terminate this set of steps.
 // Note: Always matching is acceptable since the list of origins can be
 // unbounded.
- if (origin.second != strRPCCORSDomain) {
+ if (origin.second != rpcCORSDomain) {
 return false;
 }
@@ -348,7 +345,7 @@
 static bool InitRPCAuthentication() {
 if (gArgs.GetArg("-rpcpassword", "") == "") {
 LogPrintf("No rpcpassword set - using random cookie authentication\n");
- if (!GenerateAuthCookie(&strRPCUserColonPass)) {
+ if (!GenerateAuthCookie(&rpcUserAndPassword)) {
 // Same message as AbortNode.
 uiInterface.ThreadSafeMessageBox(
 _("Error: A fatal internal error occurred, see debug.log for "
@@ -361,11 +358,11 @@
 "deprecated. Locally-run instances may remove rpcuser to use "
 "cookie-based auth, or may be replaced with rpcauth. Please "
 "see share/rpcuser for rpcauth auth generation.\n");
- strRPCUserColonPass = gArgs.GetArg("-rpcuser", "") + ":" +
- gArgs.GetArg("-rpcpassword", "");
+ rpcUserAndPassword = gArgs.GetArg("-rpcuser", "") + ":" +
+ gArgs.GetArg("-rpcpassword", "");
 }
- strRPCCORSDomain = gArgs.GetArg("-rpccorsdomain", "");
+ rpcCORSDomain = gArgs.GetArg("-rpccorsdomain", "");
 return true;
 }