highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-11 14:38:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

[RPC] pass HTTP basic authentication username to the JSONRequest object

Browse Source
This commit is contained in:
Jonas Schnelli
2016-09-22 09:58:13 +02:00
parent 69d1c25768
commit e7156ad61b
3 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/httprpc.cpp
View File

@@ -127,7 +127,7 @@ static bool multiUserAuthorized(std::string strUserPass)
return false;
}
static bool RPCAuthorized(const std::string& strAuth)
static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut)
{
if (strRPCUserColonPass.empty()) // Belt-and-suspenders measure if InitRPCAuthentication was not called
return false;
@@ -136,7 +136,10 @@ static bool RPCAuthorized(const std::string& strAuth)
std::string strUserPass64 = strAuth.substr(6);
boost::trim(strUserPass64);
std::string strUserPass = DecodeBase64(strUserPass64);
if (strUserPass.find(":") != std::string::npos)
strAuthUsernameOut = strUserPass.substr(0, strUserPass.find(":"));
//Check if authorized under single-user field
if (TimingResistantEqual(strUserPass, strRPCUserColonPass)) {
return true;
@@ -159,7 +162,8 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
return false;
}
if (!RPCAuthorized(authHeader.second)) {
JSONRPCRequest jreq;
if (!RPCAuthorized(authHeader.second, jreq.authUser)) {
LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", req->GetPeer().ToString());
/* Deter brute-forcing
@@ -172,7 +176,6 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
return false;
}
JSONRPCRequest jreq;
try {
// Parse request
UniValue valRequest;