add a separate flag for enabling/disabling the rpc address whitelist
parent
a616666541
commit
6cba9305ae
|
@ -310,6 +310,7 @@ main( int argc,
|
|||
peerSocketTOS,
|
||||
TR_DEFAULT_RPC_ENABLED,
|
||||
TR_DEFAULT_RPC_PORT,
|
||||
TR_DEFAULT_RPC_WHITELIST_ENABLED,
|
||||
TR_DEFAULT_RPC_WHITELIST,
|
||||
FALSE, "fnord", "potzrebie",
|
||||
TR_DEFAULT_PROXY_ENABLED,
|
||||
|
|
|
@ -33,25 +33,26 @@ static int closing = FALSE;
|
|||
static tr_handle * mySession;
|
||||
static char myConfigFilename[MAX_PATH_LENGTH];
|
||||
|
||||
#define KEY_BLOCKLIST "blocklist-enabled"
|
||||
#define KEY_DOWNLOAD_DIR "download-dir"
|
||||
#define KEY_ENCRYPTION "encryption"
|
||||
#define KEY_LAZY_BITFIELD "lazy-bitfield-enabled"
|
||||
#define KEY_PEER_LIMIT "max-peers-global"
|
||||
#define KEY_PEER_PORT "peer-port"
|
||||
#define KEY_PORT_FORWARDING "port-forwarding-enabled"
|
||||
#define KEY_PEX_ENABLED "pex-enabled"
|
||||
#define KEY_AUTH_REQUIRED "rpc-authentication-required"
|
||||
#define KEY_USERNAME "rpc-username"
|
||||
#define KEY_PASSWORD "rpc-password"
|
||||
#define KEY_WHITELIST "rpc-whitelist"
|
||||
#define KEY_RPC_PORT "rpc-port"
|
||||
#define KEY_DSPEED "download-limit"
|
||||
#define KEY_DSPEED_ENABLED "download-limit-enabled"
|
||||
#define KEY_USPEED "upload-limit"
|
||||
#define KEY_USPEED_ENABLED "upload-limit-enabled"
|
||||
#define KEY_BLOCKLIST "blocklist-enabled"
|
||||
#define KEY_DOWNLOAD_DIR "download-dir"
|
||||
#define KEY_ENCRYPTION "encryption"
|
||||
#define KEY_LAZY_BITFIELD "lazy-bitfield-enabled"
|
||||
#define KEY_PEER_LIMIT "max-peers-global"
|
||||
#define KEY_PEER_PORT "peer-port"
|
||||
#define KEY_PORT_FORWARDING "port-forwarding-enabled"
|
||||
#define KEY_PEX_ENABLED "pex-enabled"
|
||||
#define KEY_AUTH_REQUIRED "rpc-authentication-required"
|
||||
#define KEY_USERNAME "rpc-username"
|
||||
#define KEY_PASSWORD "rpc-password"
|
||||
#define KEY_WHITELIST "rpc-whitelist"
|
||||
#define KEY_WHITELIST_ENABLED "rpc-whitelist-enabled"
|
||||
#define KEY_RPC_PORT "rpc-port"
|
||||
#define KEY_DSPEED "download-limit"
|
||||
#define KEY_DSPEED_ENABLED "download-limit-enabled"
|
||||
#define KEY_USPEED "upload-limit"
|
||||
#define KEY_USPEED_ENABLED "upload-limit-enabled"
|
||||
|
||||
#define CONFIG_FILE "settings.json"
|
||||
#define CONFIG_FILE "settings.json"
|
||||
|
||||
/***
|
||||
**** Config File
|
||||
|
@ -169,6 +170,7 @@ session_init( const char * configDir,
|
|||
char mycwd[MAX_PATH_LENGTH];
|
||||
tr_benc state, *dict = NULL;
|
||||
int peerPort = -1, peers = -1;
|
||||
int whitelistEnabled = -1;
|
||||
int pexEnabled = -1;
|
||||
int fwdEnabled = -1;
|
||||
int upLimit = -1, upLimited = -1, downLimit = -1,
|
||||
|
@ -208,6 +210,8 @@ session_init( const char * configDir,
|
|||
TR_DEFAULT_BLOCKLIST_ENABLED );
|
||||
getConfigInt( dict, KEY_RPC_PORT, &rpcPort,
|
||||
TR_DEFAULT_RPC_PORT );
|
||||
getConfigInt( dict, KEY_WHITELIST_ENABLED, &whitelistEnabled,
|
||||
TR_DEFAULT_RPC_WHITELIST_ENABLED );
|
||||
getConfigStr( dict, KEY_WHITELIST, &whitelist,
|
||||
TR_DEFAULT_RPC_WHITELIST );
|
||||
getConfigInt( dict, KEY_AUTH_REQUIRED, &authRequired, FALSE );
|
||||
|
@ -231,8 +235,9 @@ session_init( const char * configDir,
|
|||
TR_MSG_INF, 0,
|
||||
blocklistEnabled,
|
||||
TR_DEFAULT_PEER_SOCKET_TOS,
|
||||
TRUE, rpcPort, whitelist, authRequired,
|
||||
username, password,
|
||||
TRUE, rpcPort,
|
||||
whitelistEnabled, whitelist,
|
||||
authRequired, username, password,
|
||||
TR_DEFAULT_PROXY_ENABLED,
|
||||
TR_DEFAULT_PROXY,
|
||||
TR_DEFAULT_PROXY_PORT,
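Review bot: session_init reads `rpc-whitelist-enabled` with `TR_DEFAULT_RPC_WHITELIST_ENABLED` as the fallback, and this commit defines that macro as 0, so a settings file written before the key existed presumably comes up with the address check switched off. The same call passes `TRUE` for RPC enabled and `authRequired` falls back to `FALSE`, and isAddressAllowed now returns 1 whenever the flag is clear, so the listener would accept requests from any remote address with no credential; before this change the whitelist (defaulting to `127.0.0.1` in tr_rpcInit) was always consulted. Defaulting to on keeps the old behaviour for upgraded installs: `#define TR_DEFAULT_RPC_WHITELIST_ENABLED 1`. The same default reaches the argument list in the first main() hunk, tr_sessionInit and tr_prefs_init_global. session_init starts and ends outside these hunks.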
|
||||
|
|
|
@ -484,6 +484,7 @@ main( int argc,
|
|||
pref_int_get( PREF_KEY_PEER_SOCKET_TOS ),
|
||||
pref_flag_get( PREF_KEY_RPC_ENABLED ),
|
||||
pref_int_get( PREF_KEY_RPC_PORT ),
|
||||
pref_flag_get( PREF_KEY_RPC_WHITELIST_ENABLED ),
|
||||
pref_string_get( PREF_KEY_RPC_WHITELIST ),
|
||||
pref_flag_get( PREF_KEY_RPC_AUTH_ENABLED ),
|
||||
pref_string_get( PREF_KEY_RPC_USERNAME ),
|
||||
|
@ -1197,6 +1198,10 @@ prefschanged( TrCore * core UNUSED,
|
|||
const char * s = pref_string_get( key );
|
||||
tr_sessionSetRPCWhitelist( tr, s );
|
||||
}
|
||||
else if( !strcmp( key, PREF_KEY_RPC_WHITELIST_ENABLED ) )
|
||||
{
|
||||
tr_sessionSetRPCWhitelistEnabled( tr, pref_flag_get( key ) );
|
||||
}
|
||||
else if( !strcmp( key, PREF_KEY_RPC_USERNAME ) )
|
||||
{
|
||||
const char * s = pref_string_get( key );
|
||||
|
|
|
@ -128,6 +128,8 @@ tr_prefs_init_global( void )
|
|||
pref_flag_set_default ( PREF_KEY_RPC_ENABLED, TR_DEFAULT_RPC_ENABLED );
|
||||
pref_int_set_default ( PREF_KEY_RPC_PORT, TR_DEFAULT_RPC_PORT );
|
||||
pref_string_set_default ( PREF_KEY_RPC_WHITELIST, TR_DEFAULT_RPC_WHITELIST );
|
||||
pref_flag_set_default ( PREF_KEY_RPC_WHITELIST_ENABLED, TR_DEFAULT_RPC_WHITELIST_ENABLED );
|
||||
|
||||
|
||||
rand = g_rand_new ( );
|
||||
for( i = 0; i < 16; ++i )
|
||||
|
@ -594,8 +596,10 @@ struct remote_page
|
|||
GtkWidget * remove_button;
|
||||
GSList * widgets;
|
||||
GSList * auth_widgets;
|
||||
GSList * whitelist_widgets;
|
||||
GtkToggleButton * rpc_tb;
|
||||
GtkToggleButton * auth_tb;
|
||||
GtkToggleButton * whitelist_tb;
|
||||
};
|
||||
|
||||
static void
|
||||
|
@ -686,6 +690,8 @@ refreshRPCSensitivity( struct remote_page * page )
|
|||
page->rpc_tb );
|
||||
const int auth_active = gtk_toggle_button_get_active(
|
||||
page->auth_tb );
|
||||
const int whitelist_active = gtk_toggle_button_get_active(
|
||||
page->whitelist_tb );
|
||||
GtkTreeSelection * sel = gtk_tree_view_get_selection( page->view );
|
||||
const int have_addr =
|
||||
gtk_tree_selection_get_selected( sel, NULL,
|
||||
|
@ -700,6 +706,10 @@ refreshRPCSensitivity( struct remote_page * page )
|
|||
gtk_widget_set_sensitive( GTK_WIDGET(
|
||||
l->data ), rpc_active && auth_active );
|
||||
|
||||
for( l = page->whitelist_widgets; l != NULL; l = l->next )
|
||||
gtk_widget_set_sensitive( GTK_WIDGET( l->data ),
|
||||
rpc_active && whitelist_active );
|
||||
|
||||
gtk_widget_set_sensitive( page->remove_button,
|
||||
rpc_active && have_addr && n_rules > 1 );
|
||||
}
|
||||
|
@ -760,6 +770,12 @@ webPage( GObject * core )
|
|||
gtk_box_pack_start( GTK_BOX( h ), w, FALSE, FALSE, 0 );
|
||||
hig_workarea_add_wide_control( t, &row, h );
|
||||
|
||||
/* port */
|
||||
w = new_spin_button( PREF_KEY_RPC_PORT, core, 0, 65535, 1 );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
w = hig_workarea_add_row( t, &row, _( "Listening _port:" ), w, NULL );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
|
||||
/* require authentication */
|
||||
s = _( "_Require username" );
|
||||
w = new_check_button( s, PREF_KEY_RPC_AUTH_ENABLED, core );
|
||||
|
@ -783,11 +799,13 @@ webPage( GObject * core )
|
|||
w = hig_workarea_add_row( t, &row, s, w, NULL );
|
||||
page->auth_widgets = g_slist_append( page->auth_widgets, w );
|
||||
|
||||
/* port */
|
||||
w = new_spin_button( PREF_KEY_RPC_PORT, core, 0, 65535, 1 );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
w = hig_workarea_add_row( t, &row, _( "Listening _port:" ), w, NULL );
|
||||
/* require authentication */
|
||||
s = _( "Only allow the following IP _addresses to connect:" );
|
||||
w = new_check_button( s, PREF_KEY_RPC_WHITELIST_ENABLED, core );
|
||||
hig_workarea_add_wide_control( t, &row, w );
|
||||
page->whitelist_tb = GTK_TOGGLE_BUTTON( w );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
g_signal_connect( w, "clicked", G_CALLBACK( onRPCToggled ), page );
|
||||
|
||||
/* access control list */
|
||||
{
|
||||
|
@ -806,7 +824,7 @@ webPage( GObject * core )
|
|||
g_signal_connect( w, "button-release-event",
|
||||
G_CALLBACK( on_tree_view_button_released ), NULL );
|
||||
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
page->whitelist_widgets = g_slist_append( page->whitelist_widgets, w );
|
||||
v = page->view = GTK_TREE_VIEW( w );
|
||||
gtk_tooltips_set_tip( tips, w,
|
||||
_(
|
||||
|
@ -833,11 +851,11 @@ webPage( GObject * core )
|
|||
gtk_tree_view_append_column( v, c );
|
||||
gtk_tree_view_set_headers_visible( v, FALSE );
|
||||
|
||||
s = _( "Allowed _IP Addresses:" );
|
||||
s = _( "Addresses:" );
|
||||
w = hig_workarea_add_row( t, &row, s, w, NULL );
|
||||
gtk_misc_set_alignment( GTK_MISC( w ), 0.0f, 0.0f );
|
||||
gtk_misc_set_padding( GTK_MISC( w ), 0, GUI_PAD );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
page->whitelist_widgets = g_slist_append( page->whitelist_widgets, w );
|
||||
|
||||
h = gtk_hbox_new( TRUE, GUI_PAD );
|
||||
w = gtk_button_new_from_stock( GTK_STOCK_REMOVE );
|
||||
|
@ -847,7 +865,7 @@ webPage( GObject * core )
|
|||
onWhitelistSelectionChanged( sel, page );
|
||||
gtk_box_pack_start_defaults( GTK_BOX( h ), w );
|
||||
w = gtk_button_new_from_stock( GTK_STOCK_ADD );
|
||||
page->widgets = g_slist_append( page->widgets, w );
|
||||
page->whitelist_widgets = g_slist_append( page->whitelist_widgets, w );
|
||||
g_signal_connect( w, "clicked", G_CALLBACK( onAddWhitelistClicked ), page );
|
||||
gtk_box_pack_start_defaults( GTK_BOX( h ), w );
|
||||
w = gtk_hbox_new( FALSE, 0 );
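Review bot: In refreshRPCSensitivity the remove button is still enabled on `rpc_active && have_addr && n_rules > 1`, so it ignores the new checkbox while the list and the Add button grey out; `rpc_active && whitelist_active && have_addr && n_rules > 1` would keep the three consistent (assuming the button is not also appended to `whitelist_widgets`, which the visible hunks do not show). Separately, the comment above the new check button in webPage still reads `/* require authentication */`, copied from the block before it; `/* enable the address whitelist */` would match the code. webPage continues outside the hunks.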
|
||||
|
|
|
@ -66,6 +66,7 @@ GtkWidget * tr_prefs_dialog_new( GObject * core,
|
|||
#define PREF_KEY_RPC_PORT "rpc-port"
|
||||
#define PREF_KEY_RPC_ENABLED "rpc-enabled"
|
||||
#define PREF_KEY_RPC_WHITELIST "rpc-whitelist"
|
||||
#define PREF_KEY_RPC_WHITELIST_ENABLED "rpc-whitelist-enabled"
|
||||
#define PREF_KEY_RPC_AUTH_ENABLED "rpc-authentication-required"
|
||||
#define PREF_KEY_RPC_PASSWORD "rpc-password"
|
||||
#define PREF_KEY_RPC_USERNAME "rpc-username"
|
||||
|
|
|
@ -42,8 +42,9 @@
|
|||
|
||||
struct tr_rpc_server
|
||||
{
|
||||
unsigned int isEnabled : 1;
|
||||
unsigned int isPasswordEnabled : 1;
|
||||
unsigned int isEnabled : 1;
|
||||
unsigned int isPasswordEnabled : 1;
|
||||
unsigned int isWhitelistEnabled : 1;
|
||||
uint16_t port;
|
||||
struct evhttp * httpd;
|
||||
tr_handle * session;
|
||||
|
@ -367,6 +368,9 @@ isAddressAllowed( const tr_rpc_server * server,
|
|||
{
|
||||
const char * str;
|
||||
|
||||
if( !server->isWhitelistEnabled )
|
||||
return 1;
|
||||
|
||||
for( str = server->whitelist; str && *str; )
|
||||
{
|
||||
const char * delimiter = strchr( str, ',' );
|
||||
|
@ -411,7 +415,7 @@ handle_request( struct evhttp_request * req,
|
|||
}
|
||||
}
|
||||
|
||||
if( server->whitelist && !isAddressAllowed( server, req->remote_host ) )
|
||||
if( !isAddressAllowed( server, req->remote_host ) )
|
||||
{
|
||||
send_simple_response( req, 401, "Unauthorized IP Address" );
|
||||
}
|
||||
|
@ -550,6 +554,19 @@ tr_rpcGetWhitelist( const tr_rpc_server * server )
|
|||
return tr_strdup( server->whitelist ? server->whitelist : "" );
|
||||
}
|
||||
|
||||
void
|
||||
tr_rpcSetWhitelistEnabled( tr_rpc_server * server,
|
||||
int isEnabled )
|
||||
{
|
||||
server->isWhitelistEnabled = isEnabled != 0;
|
||||
}
|
||||
|
||||
int
|
||||
tr_rpcGetWhitelistEnabled( const tr_rpc_server * server )
|
||||
{
|
||||
return server->isWhitelistEnabled;
|
||||
}
|
||||
|
||||
/****
|
||||
***** PASSWORD
|
||||
****/
|
||||
|
@ -625,6 +642,7 @@ tr_rpc_server *
|
|||
tr_rpcInit( tr_handle * session,
|
||||
int isEnabled,
|
||||
uint16_t port,
|
||||
int isWhitelistEnabled,
|
||||
const char * whitelist,
|
||||
int isPasswordEnabled,
|
||||
const char * username,
|
||||
|
@ -638,6 +656,7 @@ tr_rpcInit( tr_handle * session,
|
|||
s->whitelist = tr_strdup( whitelist && *whitelist ? whitelist : TR_DEFAULT_RPC_WHITELIST );
|
||||
s->username = tr_strdup( username );
|
||||
s->password = tr_strdup( password );
|
||||
s->isWhitelistEnabled = isWhitelistEnabled != 0;
|
||||
s->isPasswordEnabled = isPasswordEnabled != 0;
|
||||
s->isEnabled = isEnabled != 0;
|
||||
if( isEnabled )
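Review bot: Dropping the `server->whitelist &&` guard in handle_request changes what an unset list means: with the flag on and `server->whitelist` NULL, the `str && *str` loop in isAddressAllowed never runs, so the request is presumably rejected (the function's tail is outside the hunk), where it used to be let through. That is the safer direction, but it is worth stating at the function, e.g. `/* returns 1 when the whitelist is disabled or the address matches an entry; an enabled but empty list matches nothing */`. tr_rpcSetWhitelistEnabled also flips an access control at runtime without leaving a log line, which makes it harder to establish later when the restriction was lifted.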
|
||||
|
|
|
@ -18,6 +18,7 @@ typedef struct tr_rpc_server tr_rpc_server;
|
|||
tr_rpc_server * tr_rpcInit( struct tr_handle * session,
|
||||
int isEnabled,
|
||||
uint16_t port,
|
||||
int isWhitelistEnabled,
|
||||
const char * whitelist,
|
||||
int isPasswordEnabled,
|
||||
const char * username,
|
||||
|
@ -39,6 +40,11 @@ int tr_rpcSetTest( const tr_rpc_server * server,
|
|||
const char * whitelist,
|
||||
char ** allocme_errmsg );
|
||||
|
||||
void tr_rpcSetWhitelistEnabled( tr_rpc_server * server,
|
||||
int isEnabled );
|
||||
|
||||
int tr_rpcGetWhitelistEnabled( const tr_rpc_server * server );
|
||||
|
||||
void tr_rpcSetWhitelist( tr_rpc_server * server,
|
||||
const char * whitelist );
|
||||
|
||||
|
|
|
@ -216,6 +216,7 @@ tr_sessionInitFull( const char * configDir,
|
|||
int peerSocketTOS,
|
||||
int rpcIsEnabled,
|
||||
uint16_t rpcPort,
|
||||
int rpcWhitelistIsEnabled,
|
||||
const char * rpcWhitelist,
|
||||
int rpcAuthIsEnabled,
|
||||
const char * rpcUsername,
|
||||
|
@ -294,7 +295,8 @@ tr_sessionInitFull( const char * configDir,
|
|||
tr_statsInit( h );
|
||||
|
||||
h->web = tr_webInit( h );
|
||||
h->rpcServer = tr_rpcInit( h, rpcIsEnabled, rpcPort, rpcWhitelist,
|
||||
h->rpcServer = tr_rpcInit( h, rpcIsEnabled, rpcPort,
|
||||
rpcWhitelistIsEnabled, rpcWhitelist,
|
||||
rpcAuthIsEnabled, rpcUsername, rpcPassword );
|
||||
|
||||
metainfoLookupRescan( h );
|
||||
|
@ -326,6 +328,7 @@ tr_sessionInit( const char * configDir,
|
|||
TR_DEFAULT_PEER_SOCKET_TOS,
|
||||
TR_DEFAULT_RPC_ENABLED,
|
||||
TR_DEFAULT_RPC_PORT,
|
||||
TR_DEFAULT_RPC_WHITELIST_ENABLED,
|
||||
TR_DEFAULT_RPC_WHITELIST,
|
||||
FALSE,
|
||||
"fnord",
|
||||
|
@ -1015,6 +1018,21 @@ tr_sessionGetRPCWhitelist( const tr_session * session )
|
|||
return tr_rpcGetWhitelist( session->rpcServer );
|
||||
}
|
||||
|
||||
void
|
||||
tr_sessionSetRPCWhitelistEnabled( tr_session * session,
|
||||
int isEnabled )
|
||||
{
|
||||
return tr_rpcSetWhitelistEnabled( session->rpcServer,
|
||||
isEnabled );
|
||||
}
|
||||
|
||||
int
|
||||
tr_sessionGetRPCWhitelistEnabled( const tr_session * session )
|
||||
{
|
||||
return tr_rpcGetWhitelistEnabled( session->rpcServer );
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
tr_sessionSetRPCPassword( tr_session * session,
|
||||
const char * password )
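Review bot: tr_sessionSetRPCWhitelistEnabled is declared `void` but its body is `return tr_rpcSetWhitelistEnabled( session->rpcServer, isEnabled );`; ISO C does not allow a return statement with an expression in a void function, and `-pedantic` or stricter compilers will diagnose it. Dropping the keyword is enough: `tr_rpcSetWhitelistEnabled( session->rpcServer, isEnabled );`. Neither new accessor checks `session->rpcServer` before passing it on, which matches tr_sessionGetRPCWhitelist in the context lines, so that only matters if callers can run before the RPC server exists.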
|
||||
|
|
|
@ -131,6 +131,8 @@ tr_proxy_type;
|
|||
/** @see tr_sessionInitFull */
|
||||
#define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
|
||||
/** @see tr_sessionInitFull */
|
||||
#define TR_DEFAULT_RPC_WHITELIST_ENABLED 0
|
||||
/** @see tr_sessionInitFull */
|
||||
#define TR_DEFAULT_PROXY_ENABLED 0
|
||||
/** @see tr_sessionInitFull */
|
||||
#define TR_DEFAULT_PROXY NULL
|
||||
|
@ -245,6 +247,7 @@ tr_encryption_mode;
|
|||
* @see TR_DEFAULT_RPC_ENABLED
|
||||
* @see TR_DEFAULT_RPC_PORT
|
||||
* @see TR_DEFAULT_RPC_WHITELIST
|
||||
* @see TR_DEFAULT_RPC_WHITELIST_ENABLED
|
||||
* @see tr_sessionClose()
|
||||
*/
|
||||
tr_handle * tr_sessionInitFull( const char * configDir,
|
||||
|
@ -266,6 +269,7 @@ tr_handle * tr_sessionInitFull( const char * configDir,
|
|||
int peerSocketTOS,
|
||||
int rpcIsEnabled,
|
||||
uint16_t rpcPort,
|
||||
int rpcWhitelistIsEnabled,
|
||||
const char * rpcWhitelist,
|
||||
int rpcPasswordIsEnabled,
|
||||
const char * rpcUsername,
|
||||
|
@ -361,6 +365,11 @@ void tr_sessionSetRPCWhitelist( tr_session * session,
|
|||
@see tr_sessionSetRPCWhitelist */
|
||||
char* tr_sessionGetRPCWhitelist( const tr_session * );
|
||||
|
||||
void tr_sessionSetRPCWhitelistEnabled( tr_session * session,
|
||||
int isEnabled );
|
||||
|
||||
int tr_sessionGetRPCWhitelistEnabled( const tr_session * session );
|
||||
|
||||
void tr_sessionSetRPCPassword( tr_session * session,
|
||||
const char * password );
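Review bot: The two new public prototypes, tr_sessionSetRPCWhitelistEnabled and tr_sessionGetRPCWhitelistEnabled, have no doc comment, while the neighbouring whitelist accessor carries one ending in `@see tr_sessionSetRPCWhitelist`. Since the flag decides whether the address check runs at all, the header should say so, e.g. `/** Enable or disable the RPC address whitelist; while disabled, requests are accepted from any address. @see tr_sessionSetRPCWhitelist */` above the setter and a matching `@see` on the getter. The new `rpcWhitelistIsEnabled` parameter of tr_sessionInitFull gets a `@see` line but, as far as the hunk shows, no description of its own.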
|
||||
|
||||
|
|