/root/bitcoin/src/httprpc.cpp
Line | Count | Source |
1 | | // Copyright (c) 2015-2022 The Bitcoin Core developers |
2 | | // Distributed under the MIT software license, see the accompanying |
3 | | // file COPYING or http://www.opensource.org/licenses/mit-license.php. |
4 | | |
5 | | #include <httprpc.h> |
6 | | |
7 | | #include <common/args.h> |
8 | | #include <crypto/hmac_sha256.h> |
9 | | #include <httpserver.h> |
10 | | #include <logging.h> |
11 | | #include <netaddress.h> |
12 | | #include <rpc/protocol.h> |
13 | | #include <rpc/server.h> |
14 | | #include <util/fs.h> |
15 | | #include <util/fs_helpers.h> |
16 | | #include <util/strencodings.h> |
17 | | #include <util/string.h> |
18 | | #include <walletinitinterface.h> |
19 | | |
20 | | #include <algorithm> |
21 | | #include <iterator> |
22 | | #include <map> |
23 | | #include <memory> |
24 | | #include <optional> |
25 | | #include <set> |
26 | | #include <string> |
27 | | #include <vector> |
28 | | |
29 | | using util::SplitString; |
30 | | using util::TrimStringView; |
31 | | |
32 | | /** WWW-Authenticate to present with 401 Unauthorized response */ |
33 | | static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\""; |
34 | | |
35 | | /* List of -rpcauth values */ |
36 | | static std::vector<std::vector<std::string>> g_rpcauth; |
37 | | /* RPC Auth Whitelist */ |
38 | | static std::map<std::string, std::set<std::string>> g_rpc_whitelist; |
39 | | static bool g_rpc_whitelist_default = false; |
40 | | |
41 | | static void JSONErrorReply(HTTPRequest* req, UniValue objError, const JSONRPCRequest& jreq) |
42 | 0 | { |
43 | | // Sending HTTP errors is a legacy JSON-RPC behavior. |
44 | 0 | Assume(jreq.m_json_version != JSONRPCVersion::V2); |
45 | | |
46 | | // Send error reply from json-rpc error object |
47 | 0 | int nStatus = HTTP_INTERNAL_SERVER_ERROR; |
48 | 0 | int code = objError.find_value("code").getInt<int>(); |
49 | |
|
50 | 0 | if (code == RPC_INVALID_REQUEST) |
51 | 0 | nStatus = HTTP_BAD_REQUEST; |
52 | 0 | else if (code == RPC_METHOD_NOT_FOUND) |
53 | 0 | nStatus = HTTP_NOT_FOUND; |
54 | |
|
55 | 0 | std::string strReply = JSONRPCReplyObj(NullUniValue, std::move(objError), jreq.id, jreq.m_json_version).write() + "\n"; |
56 | |
|
57 | 0 | req->WriteHeader("Content-Type", "application/json"); |
58 | 0 | req->WriteReply(nStatus, strReply); |
59 | 0 | } |
60 | | |
61 | | //This function checks username and password against -rpcauth |
62 | | //entries from config file. |
63 | | static bool CheckUserAuthorized(std::string_view user, std::string_view pass) |
64 | 0 | { |
65 | 0 | for (const auto& fields : g_rpcauth) { |
66 | 0 | if (!TimingResistantEqual(std::string_view(fields[0]), user)) { |
67 | 0 | continue; |
68 | 0 | } |
69 | | |
70 | 0 | const std::string& salt = fields[1]; |
71 | 0 | const std::string& hash = fields[2]; |
72 | |
|
73 | 0 | std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE> out; |
74 | 0 | CHMAC_SHA256(UCharCast(salt.data()), salt.size()).Write(UCharCast(pass.data()), pass.size()).Finalize(out.data()); |
75 | 0 | std::string hash_from_pass = HexStr(out); |
76 | |
|
77 | 0 | if (TimingResistantEqual(hash_from_pass, hash)) { |
78 | 0 | return true; |
79 | 0 | } |
80 | 0 | } |
81 | 0 | return false; |
82 | 0 | } |
83 | | |
84 | | static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) |
85 | 0 | { |
86 | 0 | if (!strAuth.starts_with("Basic ")) |
87 | 0 | return false; |
88 | 0 | std::string_view strUserPass64 = TrimStringView(std::string_view{strAuth}.substr(6)); |
89 | 0 | auto userpass_data = DecodeBase64(strUserPass64); |
90 | 0 | std::string strUserPass; |
91 | 0 | if (!userpass_data) return false; |
92 | 0 | strUserPass.assign(userpass_data->begin(), userpass_data->end()); |
93 | |
|
94 | 0 | size_t colon_pos = strUserPass.find(':'); |
95 | 0 | if (colon_pos == std::string::npos) { |
96 | 0 | return false; // Invalid basic auth. |
97 | 0 | } |
98 | 0 | std::string user = strUserPass.substr(0, colon_pos); |
99 | 0 | std::string pass = strUserPass.substr(colon_pos + 1); |
100 | 0 | strAuthUsernameOut = user; |
101 | 0 | return CheckUserAuthorized(user, pass); |
102 | 0 | } |
103 | | |
104 | | static bool HTTPReq_JSONRPC(const std::any& context, HTTPRequest* req) |
105 | 0 | { |
106 | | // JSONRPC handles only POST |
107 | 0 | if (req->GetRequestMethod() != HTTPRequest::POST) { |
108 | 0 | req->WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests"); |
109 | 0 | return false; |
110 | 0 | } |
111 | | // Check authorization |
112 | 0 | std::pair<bool, std::string> authHeader = req->GetHeader("authorization"); |
113 | 0 | if (!authHeader.first) { |
114 | 0 | req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA); |
115 | 0 | req->WriteReply(HTTP_UNAUTHORIZED); |
116 | 0 | return false; |
117 | 0 | } |
118 | | |
119 | 0 | JSONRPCRequest jreq; |
120 | 0 | jreq.context = context; |
121 | 0 | jreq.peerAddr = req->GetPeer().ToStringAddrPort(); |
122 | 0 | if (!RPCAuthorized(authHeader.second, jreq.authUser)) { |
123 | 0 | LogPrintf("ThreadRPCServer incorrect password attempt from %s\n", jreq.peerAddr); |
124 | | |
125 | | /* Deter brute-forcing |
126 | | If this results in a DoS the user really |
127 | | shouldn't have their RPC port exposed. */ |
128 | 0 | UninterruptibleSleep(std::chrono::milliseconds{250}); |
129 | |
|
130 | 0 | req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA); |
131 | 0 | req->WriteReply(HTTP_UNAUTHORIZED); |
132 | 0 | return false; |
133 | 0 | } |
134 | | |
135 | 0 | try { |
136 | | // Parse request |
137 | 0 | UniValue valRequest; |
138 | 0 | if (!valRequest.read(req->ReadBody())) |
139 | 0 | throw JSONRPCError(RPC_PARSE_ERROR, "Parse error"); |
140 | | |
141 | | // Set the URI |
142 | 0 | jreq.URI = req->GetURI(); |
143 | |
|
144 | 0 | UniValue reply; |
145 | 0 | bool user_has_whitelist = g_rpc_whitelist.count(jreq.authUser); |
146 | 0 | if (!user_has_whitelist && g_rpc_whitelist_default) { |
147 | 0 | LogPrintf("RPC User %s not allowed to call any methods\n", jreq.authUser); |
148 | 0 | req->WriteReply(HTTP_FORBIDDEN); |
149 | 0 | return false; |
150 | | |
151 | | // singleton request |
152 | 0 | } else if (valRequest.isObject()) { |
153 | 0 | jreq.parse(valRequest); |
154 | 0 | if (user_has_whitelist && !g_rpc_whitelist[jreq.authUser].count(jreq.strMethod)) { |
155 | 0 | LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, jreq.strMethod); |
156 | 0 | req->WriteReply(HTTP_FORBIDDEN); |
157 | 0 | return false; |
158 | 0 | } |
159 | | |
160 | | // Legacy 1.0/1.1 behavior is for failed requests to throw |
161 | | // exceptions which return HTTP errors and RPC errors to the client. |
162 | | // 2.0 behavior is to catch exceptions and return HTTP success with |
163 | | // RPC errors, as long as there is not an actual HTTP server error. |
164 | 0 | const bool catch_errors{jreq.m_json_version == JSONRPCVersion::V2}; |
165 | 0 | reply = JSONRPCExec(jreq, catch_errors); |
166 | |
|
167 | 0 | if (jreq.IsNotification()) { |
168 | | // Even though we do execute notifications, we do not respond to them |
169 | 0 | req->WriteReply(HTTP_NO_CONTENT); |
170 | 0 | return true; |
171 | 0 | } |
172 | | |
173 | | // array of requests |
174 | 0 | } else if (valRequest.isArray()) { |
175 | | // Check authorization for each request's method |
176 | 0 | if (user_has_whitelist) { |
177 | 0 | for (unsigned int reqIdx = 0; reqIdx < valRequest.size(); reqIdx++) { |
178 | 0 | if (!valRequest[reqIdx].isObject()) { |
179 | 0 | throw JSONRPCError(RPC_INVALID_REQUEST, "Invalid Request object"); |
180 | 0 | } else { |
181 | 0 | const UniValue& request = valRequest[reqIdx].get_obj(); |
182 | | // Parse method |
183 | 0 | std::string strMethod = request.find_value("method").get_str(); |
184 | 0 | if (!g_rpc_whitelist[jreq.authUser].count(strMethod)) { |
185 | 0 | LogPrintf("RPC User %s not allowed to call method %s\n", jreq.authUser, strMethod); |
186 | 0 | req->WriteReply(HTTP_FORBIDDEN); |
187 | 0 | return false; |
188 | 0 | } |
189 | 0 | } |
190 | 0 | } |
191 | 0 | } |
192 | | |
193 | | // Execute each request |
194 | 0 | reply = UniValue::VARR; |
195 | 0 | for (size_t i{0}; i < valRequest.size(); ++i) { |
196 | | // Batches never throw HTTP errors, they are always just included |
197 | | // in "HTTP OK" responses. Notifications never get any response. |
198 | 0 | UniValue response; |
199 | 0 | try { |
200 | 0 | jreq.parse(valRequest[i]); |
201 | 0 | response = JSONRPCExec(jreq, /*catch_errors=*/true); |
202 | 0 | } catch (UniValue& e) { |
203 | 0 | response = JSONRPCReplyObj(NullUniValue, std::move(e), jreq.id, jreq.m_json_version); |
204 | 0 | } catch (const std::exception& e) { |
205 | 0 | response = JSONRPCReplyObj(NullUniValue, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq.id, jreq.m_json_version); |
206 | 0 | } |
207 | 0 | if (!jreq.IsNotification()) { |
208 | 0 | reply.push_back(std::move(response)); |
209 | 0 | } |
210 | 0 | } |
211 | | // Return no response for an all-notification batch, but only if the |
212 | | // batch request is non-empty. Technically according to the JSON-RPC |
213 | | // 2.0 spec, an empty batch request should also return no response, |
214 | | // However, if the batch request is empty, it means the request did |
215 | | // not contain any JSON-RPC version numbers, so returning an empty |
216 | | // response could break backwards compatibility with old RPC clients |
217 | | // relying on previous behavior. Return an empty array instead of an |
218 | | // empty response in this case to favor being backwards compatible |
219 | | // over complying with the JSON-RPC 2.0 spec in this case. |
220 | 0 | if (reply.size() == 0 && valRequest.size() > 0) { |
221 | 0 | req->WriteReply(HTTP_NO_CONTENT); |
222 | 0 | return true; |
223 | 0 | } |
224 | 0 | } |
225 | 0 | else |
226 | 0 | throw JSONRPCError(RPC_PARSE_ERROR, "Top-level object parse error"); |
227 | | |
228 | 0 | req->WriteHeader("Content-Type", "application/json"); |
229 | 0 | req->WriteReply(HTTP_OK, reply.write() + "\n"); |
230 | 0 | } catch (UniValue& e) { |
231 | 0 | JSONErrorReply(req, std::move(e), jreq); |
232 | 0 | return false; |
233 | 0 | } catch (const std::exception& e) { |
234 | 0 | JSONErrorReply(req, JSONRPCError(RPC_PARSE_ERROR, e.what()), jreq); |
235 | 0 | return false; |
236 | 0 | } |
237 | 0 | return true; |
238 | 0 | } |
239 | | |
240 | | static bool InitRPCAuthentication() |
241 | 0 | { |
242 | 0 | std::string user; |
243 | 0 | std::string pass; |
244 | |
|
245 | 0 | if (gArgs.GetArg("-rpcpassword", "") == "") |
246 | 0 | { |
247 | 0 | std::optional<fs::perms> cookie_perms{std::nullopt}; |
248 | 0 | auto cookie_perms_arg{gArgs.GetArg("-rpccookieperms")}; |
249 | 0 | if (cookie_perms_arg) { |
250 | 0 | auto perm_opt = InterpretPermString(*cookie_perms_arg); |
251 | 0 | if (!perm_opt) { |
252 | 0 | LogError("Invalid -rpccookieperms=%s; must be one of 'owner', 'group', or 'all'.", *cookie_perms_arg); |
253 | 0 | return false; |
254 | 0 | } |
255 | 0 | cookie_perms = *perm_opt; |
256 | 0 | } |
257 | | |
258 | 0 | switch (GenerateAuthCookie(cookie_perms, user, pass)) { |
259 | 0 | case GenerateAuthCookieResult::ERR: |
260 | 0 | return false; |
261 | 0 | case GenerateAuthCookieResult::DISABLED: |
262 | 0 | LogInfo("RPC authentication cookie file generation is disabled."); |
263 | 0 | break; |
264 | 0 | case GenerateAuthCookieResult::OK: |
265 | 0 | LogInfo("Using random cookie authentication."); |
266 | 0 | break; |
267 | 0 | } |
268 | 0 | } else { |
269 | 0 | LogInfo("Using rpcuser/rpcpassword authentication."); |
270 | 0 | LogWarning("The use of rpcuser/rpcpassword is less secure, because credentials are configured in plain text. It is recommended that locally-run instances switch to cookie-based auth, or otherwise to use hashed rpcauth credentials. See share/rpcauth in the source directory for more information."); |
271 | 0 | user = gArgs.GetArg("-rpcuser", ""); |
272 | 0 | pass = gArgs.GetArg("-rpcpassword", ""); |
273 | 0 | } |
274 | | |
275 | | // If there is a plaintext credential, hash it with a random salt before storage. |
276 | 0 | if (!user.empty() || !pass.empty()) { |
277 | | // Generate a random 16 byte hex salt. |
278 | 0 | std::array<unsigned char, 16> raw_salt; |
279 | 0 | GetStrongRandBytes(raw_salt); |
280 | 0 | std::string salt = HexStr(raw_salt); |
281 | | |
282 | | // Compute HMAC. |
283 | 0 | std::array<unsigned char, CHMAC_SHA256::OUTPUT_SIZE> out; |
284 | 0 | CHMAC_SHA256(UCharCast(salt.data()), salt.size()).Write(UCharCast(pass.data()), pass.size()).Finalize(out.data()); |
285 | 0 | std::string hash = HexStr(out); |
286 | |
|
287 | 0 | g_rpcauth.push_back({user, salt, hash}); |
288 | 0 | } |
289 | |
|
290 | 0 | if (!gArgs.GetArgs("-rpcauth").empty()) { |
291 | 0 | LogInfo("Using rpcauth authentication.\n"); |
292 | 0 | for (const std::string& rpcauth : gArgs.GetArgs("-rpcauth")) { |
293 | 0 | std::vector<std::string> fields{SplitString(rpcauth, ':')}; |
294 | 0 | const std::vector<std::string> salt_hmac{SplitString(fields.back(), '$')}; |
295 | 0 | if (fields.size() == 2 && salt_hmac.size() == 2) { |
296 | 0 | fields.pop_back(); |
297 | 0 | fields.insert(fields.end(), salt_hmac.begin(), salt_hmac.end()); |
298 | 0 | g_rpcauth.push_back(fields); |
299 | 0 | } else { |
300 | 0 | LogPrintf("Invalid -rpcauth argument.\n"); |
301 | 0 | return false; |
302 | 0 | } |
303 | 0 | } |
304 | 0 | } |
305 | | |
306 | 0 | g_rpc_whitelist_default = gArgs.GetBoolArg("-rpcwhitelistdefault", !gArgs.GetArgs("-rpcwhitelist").empty()); |
307 | 0 | for (const std::string& strRPCWhitelist : gArgs.GetArgs("-rpcwhitelist")) { |
308 | 0 | auto pos = strRPCWhitelist.find(':'); |
309 | 0 | std::string strUser = strRPCWhitelist.substr(0, pos); |
310 | 0 | bool intersect = g_rpc_whitelist.count(strUser); |
311 | 0 | std::set<std::string>& whitelist = g_rpc_whitelist[strUser]; |
312 | 0 | if (pos != std::string::npos) { |
313 | 0 | std::string strWhitelist = strRPCWhitelist.substr(pos + 1); |
314 | 0 | std::vector<std::string> whitelist_split = SplitString(strWhitelist, ", "); |
315 | 0 | std::set<std::string> new_whitelist{ |
316 | 0 | std::make_move_iterator(whitelist_split.begin()), |
317 | 0 | std::make_move_iterator(whitelist_split.end())}; |
318 | 0 | if (intersect) { |
319 | 0 | std::set<std::string> tmp_whitelist; |
320 | 0 | std::set_intersection(new_whitelist.begin(), new_whitelist.end(), |
321 | 0 | whitelist.begin(), whitelist.end(), std::inserter(tmp_whitelist, tmp_whitelist.end())); |
322 | 0 | new_whitelist = std::move(tmp_whitelist); |
323 | 0 | } |
324 | 0 | whitelist = std::move(new_whitelist); |
325 | 0 | } |
326 | 0 | } |
327 | |
|
328 | 0 | return true; |
329 | 0 | } |
330 | | |
331 | | bool StartHTTPRPC(const std::any& context) |
332 | 0 | { |
333 | 0 | LogDebug(BCLog::RPC, "Starting HTTP RPC server\n"); |
334 | 0 | if (!InitRPCAuthentication()) |
335 | 0 | return false; |
336 | | |
337 | 0 | auto handle_rpc = [context](HTTPRequest* req, const std::string&) { return HTTPReq_JSONRPC(context, req); }; |
338 | 0 | RegisterHTTPHandler("/", true, handle_rpc); |
339 | 0 | if (g_wallet_init_interface.HasWalletSupport()) { |
340 | 0 | RegisterHTTPHandler("/wallet/", false, handle_rpc); |
341 | 0 | } |
342 | 0 | struct event_base* eventBase = EventBase(); |
343 | 0 | assert(eventBase); |
344 | 0 | return true; |
345 | 0 | } |
346 | | |
347 | | void InterruptHTTPRPC() |
348 | 0 | { |
349 | 0 | LogDebug(BCLog::RPC, "Interrupting HTTP RPC server\n"); |
350 | 0 | } |
351 | | |
352 | | void StopHTTPRPC() |
353 | 0 | { |
354 | 0 | LogDebug(BCLog::RPC, "Stopping HTTP RPC server\n"); |
355 | 0 | UnregisterHTTPHandler("/", true); |
356 | 0 | if (g_wallet_init_interface.HasWalletSupport()) { |
357 | 0 | UnregisterHTTPHandler("/wallet/", false); |
358 | 0 | } |
359 | 0 | } |