diff --git a/iguana/exchanges/LP_commands.c b/iguana/exchanges/LP_commands.c index b5027ca90..0e76313fd 100644 --- a/iguana/exchanges/LP_commands.c +++ b/iguana/exchanges/LP_commands.c @@ -34,7 +34,7 @@ char *LP_numutxos() char *stats_JSON(void *ctx,char *myipaddr,int32_t pubsock,cJSON *argjson,char *remoteaddr,uint16_t port) // from rpc port { - char *method,*userpass,*base,*rel,*coin,*retstr = 0; int32_t changed,flag = 0; cJSON *retjson,*reqjson = 0; struct iguana_info *ptr; + char *method,*userpass,*base,*rel,*coin,*passphrase,*retstr = 0; int32_t authenticated=0,changed,flag = 0; cJSON *retjson,*reqjson = 0; struct iguana_info *ptr; method = jstr(argjson,"method"); if ( method != 0 && (strcmp(method,"addr_unspents") == 0 || strcmp(method,"uitem") == 0 || strcmp(method,"postutxos") == 0) ) return(0); @@ -184,9 +184,18 @@ jpg(srcfile, destfile, power2=7, passphrase, data="", required)\n\ jadd(retjson,"coins",LP_coinsjson(LP_showwif)); return(jprint(retjson,1)); } - if ( ((userpass= jstr(argjson,"userpass")) == 0 || strcmp(userpass,G.USERPASS) != 0) ) //strcmp(method,"passphrase") != 0 && + // if passphrase api and passphrase is right, ignore userpass, use hass of passphrase + if ( strcmp(method,"passphrase") == 0 && (passphrase= jstr(argjson,"passphrase")) != 0 ) + { + bits256 passhash; + vcalc_sha256(0,passhash.bytes,(uint8_t *)passphrase,(int32_t)strlen(passphrase)); + if ( bits256_cmp(passhash,G.LP_passhash) == 0 ) + authenticated = 1; + } + if ( authenticated == 0 && ((userpass= jstr(argjson,"userpass")) == 0 || strcmp(userpass,G.USERPASS) != 0) ) return(clonestr("{\"error\":\"authentication error you need to make sure userpass is set\"}")); - jdelete(argjson,"userpass"); + if ( jobj(argjson,"userpass") != 0 ) + jdelete(argjson,"userpass"); if ( strcmp(method,"passphrase") == 0 ) { char coinaddr[64],pub33str[67]; diff --git a/iguana/exchanges/LP_nativeDEX.c b/iguana/exchanges/LP_nativeDEX.c index 065157f81..386d4ea0c 100644 --- a/iguana/exchanges/LP_nativeDEX.c +++ b/iguana/exchanges/LP_nativeDEX.c @@ -111,7 +111,7 @@ struct LP_privkey { bits256 privkey; uint8_t rmd160[20]; }; struct LP_globals { //struct LP_utxoinfo *LP_utxoinfos[2],*LP_utxoinfos2[2]; - bits256 LP_mypub25519,LP_privkey,LP_mypriv25519; + bits256 LP_mypub25519,LP_privkey,LP_mypriv25519,LP_passhash; uint64_t LP_skipstatus[10000]; uint8_t LP_myrmd160[20],LP_pubsecp[33]; uint32_t LP_sessionid,counter; diff --git a/iguana/exchanges/LP_privkey.c b/iguana/exchanges/LP_privkey.c index 342ef0bc9..644fdb022 100644 --- a/iguana/exchanges/LP_privkey.c +++ b/iguana/exchanges/LP_privkey.c @@ -362,6 +362,7 @@ int32_t LP_passphrase_init(char *passphrase,char *gui) sleep(5); } memset(&G,0,sizeof(G)); + vcalc_sha256(0,G.LP_passhash.bytes,(uint8_t *)passphrase,(int32_t)strlen(passphrase)); LP_privkey_updates(ctx,LP_mypubsock,passphrase); init_hexbytes_noT(G.LP_myrmd160str,G.LP_myrmd160,20); G.LP_sessionid = (uint32_t)time(NULL);