Create limited RPC user.

[aakselrod]

The limited user is specified with the --rpclimituser and
--rpclimitpass options (or the equivalent in the config file).
The config struct and loadConfig() are updated to take the
new options into account. The limited user can have neither
the same username nor the same password as the admin user.

The package-level rpcLimit map in rpcserver.go specifies
the RPC commands accessible by limited users. This map
includes both HTTP/S and websocket commands.

The checkAuth function gets a new return parameter to
signify whether the user is authorized to change server
state. The result is passed to the jsonRPCRead function and
to the WebsocketHandler function in rpcwebsocket.go.

The wsClient struct is updated with an "isAdmin" field
signifying that the client is authorized to change server
state, written by WebsocketHandler and handleMessage.
The handleMessage function also checks the field to
allow or disallow an RPC call.

The following documentation files are updated:

• doc.go
• sample-btcd.conf
• docs/README.md
• docs/json_rpc_api.md
• docs/configure_rpc_server_listen_interfaces.md

[davecgh]

I haven't reviewed the code yet, but I did notice there are several documentation updates that will be needed that I don't see here:

• The sample-btcd.conf file to include the new options with appropriate comments
• The doc.go file to include the new options (this allows it to show up properly on GoDoc)
• docs/README.md Controlling and Querying section
• docs/json_rpc_api.md Authentication section
• docs/configure_rpc_server_listen_interfaces.md

[davecgh]

This one isn't read-only.

[davecgh]

@aakselrod: Thanks for the PR. It looks good overall. I think we'll want to debate the specific command list. I think ping is uncontested since it clearly isn't a read-only command, but I know @dajohi has mentioned some others which are technically read-only, but might be worth leaving out to enhance privacy.

[davecgh]

Not a big deal, but roauth should probably just be auth here as well since it's not read-only anymore.

[aakselrod]

Changed to auth from roauth.

[davecgh]

Alright, everything looks good! If you can squash/rebase it, I'll merge it.

[davecgh]

I've tested the following:

• Specifying the same username for limited/admin user causes an error on start as expected
• Specifying the same password for limited/admin user causes an error on start as expected
• The RPC server is disabled if neither set of credentials is provided
• The RPC server is enabled if only admin credentials are provided
• The RPC server is enabled if only limited credentials are provided
• The RPC server is enabled if both sets of credentials are provided
• Attempting to issue admin RPC commands against the limited credentials returns an error as expected
• Attempting to mix/match usernames and passwords fails credential checks as intended