Changeset View
Changeset View
Standalone View
Standalone View
src/httprpc.cpp
Show First 20 Lines • Show All 80 Lines • ▼ Show 20 Lines | static void JSONErrorReply(HTTPRequest *req, const UniValue &objError, | ||||
req->WriteReply(nStatus, strReply); | req->WriteReply(nStatus, strReply); | ||||
} | } | ||||
/* | /* | ||||
* This function checks username and password against -rpcauth entries from | * This function checks username and password against -rpcauth entries from | ||||
* config file. | * config file. | ||||
*/ | */ | ||||
static bool multiUserAuthorized(std::string strUserPass) { | static bool multiUserAuthorized(std::string strUserPass) { | ||||
if (strUserPass.find(":") == std::string::npos) { | if (strUserPass.find(':') == std::string::npos) { | ||||
return false; | return false; | ||||
} | } | ||||
std::string strUser = strUserPass.substr(0, strUserPass.find(":")); | std::string strUser = strUserPass.substr(0, strUserPass.find(':')); | ||||
std::string strPass = strUserPass.substr(strUserPass.find(":") + 1); | std::string strPass = strUserPass.substr(strUserPass.find(':') + 1); | ||||
for (const std::string &strRPCAuth : gArgs.GetArgs("-rpcauth")) { | for (const std::string &strRPCAuth : gArgs.GetArgs("-rpcauth")) { | ||||
// Search for multi-user login/pass "rpcauth" from config | // Search for multi-user login/pass "rpcauth" from config | ||||
std::vector<std::string> vFields; | std::vector<std::string> vFields; | ||||
boost::split(vFields, strRPCAuth, boost::is_any_of(":$")); | boost::split(vFields, strRPCAuth, boost::is_any_of(":$")); | ||||
if (vFields.size() != 3) { | if (vFields.size() != 3) { | ||||
// Incorrect formatting in config file | // Incorrect formatting in config file | ||||
continue; | continue; | ||||
Show All 35 Lines | static bool RPCAuthorized(Config &config, const std::string &strAuth, | ||||
if (strAuth.substr(0, 6) != "Basic ") { | if (strAuth.substr(0, 6) != "Basic ") { | ||||
return false; | return false; | ||||
} | } | ||||
std::string strUserPass64 = strAuth.substr(6); | std::string strUserPass64 = strAuth.substr(6); | ||||
boost::trim(strUserPass64); | boost::trim(strUserPass64); | ||||
std::string strUserPass = DecodeBase64(strUserPass64); | std::string strUserPass = DecodeBase64(strUserPass64); | ||||
if (strUserPass.find(":") != std::string::npos) { | if (strUserPass.find(':') != std::string::npos) { | ||||
strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":")); | strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(':')); | ||||
} | } | ||||
// Check if authorized under single-user field | // Check if authorized under single-user field | ||||
if (TimingResistantEqual(strUserPass, config.GetRPCUserAndPassword())) { | if (TimingResistantEqual(strUserPass, config.GetRPCUserAndPassword())) { | ||||
return true; | return true; | ||||
} | } | ||||
return multiUserAuthorized(strUserPass); | return multiUserAuthorized(strUserPass); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 262 Lines • Show Last 20 Lines |