GOSTSec/sgminer
1
0
Fork 0
mirror of https://github.com/GOSTSec/sgminer synced 2025-01-18 18:50:00 +00:00
Code Issues Releases Wiki Activity

Merge pull request #124 from kanoi/master

Browse Source 
API commits - IP 0/0 means all, add "Log Interval" to config, restrict access to modify commands
This commit is contained in:
Con Kolivas 2012-02-21 02:49:25 -08:00
commit 2ca8d38e0e
4 changed files with 164 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
README
View File

@ -119,10 +119,13 @@ Usage instructions: Run "cgminer --help" to see options:
Usage: . [-atDdGCgIKklmpPQqrRsTouvwOchnV]
Options for both config file and command line:
--api-allow Allow API access (if enabled) only to the given list of IP[/Prefix] address[/subnets]
--api-allow Allow API access (if enabled) only to the given list of [W:]IP[/Prefix] address[/subnets]
This overrides --api-network and you must specify 127.0.0.1 if it is required
W: in front of the IP address gives that address privileged access to all api commands
--api-description Description placed in the API status header (default: cgminer version)
--api-listen Listen for API requests (default: disabled)
By default any command that does not just display data returns access denied
See --api-allow to overcome this
--api-network Allow API (if enabled) to listen on/for any address (default: only 127.0.0.1)
--api-port Port number of miner API (default: 4028)
--auto-fan Automatically adjust all GPU fan speeds to maintain a target temperature
@ -537,11 +540,22 @@ running cgminer and reply with a string and then close the socket each time
If you add the "--api-network" option, it will accept API requests from any
network attached computer.
You can only access the comands that reply with data in this mode.
By default, you cannot access any privileged command that affects the miner -
you will receive an access denied status message see --api-access below.
You can specify IP addresses/prefixes that are only allowed to access the API
with the "--api-access" option e.g. --api-access 192.168.0.1,10.0.0/24
with the "--api-access" option e.g. --api-access W:192.168.0.1,10.0.0/24
will allow 192.168.0.1 or any address matching 10.0.0.*, but nothing else
IP addresses are automatically padded with extra '.0's as needed
Without a /prefix is the same as specifying /32
0/0 means all IP addresses.
The 'W:' on the front gives that address/subnet privileged access to commands
that modify cgminer.
Without it those commands return an access denied status.
Privileged access is checked in the order the IP addresses were supplied to
"--api-access"
The first match determines the privilege level.
Using the "--api-access" option overides the "--api-network" option if they
are both specified
With "--api-access", 127.0.0.1 is not by default given access unless specified
@ -584,7 +598,9 @@ The STATUS section is:
This defaults to the cgminer version but is the value of --api-description
if it was specified at runtime.
The list of requests and replies are:
For API version 1.2:
The list of requests - a (*) means it requires privileged access - and replies are:
Request Reply Section Details
------- ------------- -------
@ -597,7 +613,8 @@ The list of requests and replies are:
Pool Count=N, <- the number of Pools
ADL=X, <- Y or N if ADL is compiled in the code
ADL in use=X, <- Y or N if any GPU has ADL
Strategy=Name| <- the current pool strategy
Strategy=Name, <- the current pool strategy
Log Interval=N| <- log interval (--log N)
summary SUMMARY The status summary of the miner
e.g. Elapsed=NNN,Found Blocks=N,Getworks=N,...|
@ -625,42 +642,58 @@ The list of requests and replies are:
cpucount CPUS Count=N| <- the number of CPUs
Always returns 0 if CPU mining is disabled
switchpool|N none There is no reply section just the STATUS section
switchpool|N (*)
none There is no reply section just the STATUS section
stating the results of switching pool N to the
highest priority (the pool is also enabled)
The Msg includes the pool URL
gpuenable|N none There is no reply section just the STATUS section
gpuenable|N (*)
none There is no reply section just the STATUS section
stating the results of the enable request
gpudisable|N none There is no reply section just the STATUS section
gpudisable|N (*)
none There is no reply section just the STATUS section
stating the results of the disable request
gpurestart|N none There is no reply section just the STATUS section
gpurestart|N (*)
none There is no reply section just the STATUS section
stating the results of the restart request
gpuintensity|N,I none There is no reply section just the STATUS section
gpuintensity|N,I (*)
none There is no reply section just the STATUS section
stating the results of setting GPU N intensity to I
gpumem|N,V none There is no reply section just the STATUS section
gpumem|N,V (*)
none There is no reply section just the STATUS section
stating the results of setting GPU N memoryclock to V MHz
gpuengine|N,V none There is no reply section just the STATUS section
gpuengine|N,V (*)
none There is no reply section just the STATUS section
stating the results of setting GPU N clock to V MHz
gpufan|N,V none There is no reply section just the STATUS section
gpufan|N,V (*)
none There is no reply section just the STATUS section
stating the results of setting GPU N fan speed to V%
gpuvddc|N,V none There is no reply section just the STATUS section
gpuvddc|N,V (*)
none There is no reply section just the STATUS section
stating the results of setting GPU N vddc to V
save|filename none There is no reply section just the STATUS section
save|filename (*)
none There is no reply section just the STATUS section
stating success or failure saving the cgminer config
to filename
quit none There is no status section but just a single "BYE|"
quit (*) none There is no status section but just a single "BYE|"
reply before cgminer quits
privileged (*)
none There is no reply section just the STATUS section
stating an error if you do not have privileged access
to the API and success if you do have privilege
The command doesn't change anything in cgminer
When you enable, disable or restart a GPU, you will also get Thread messages in
the cgminer status window
@ -694,8 +727,7 @@ api-example.c - a 'C' program to access the API (with source code)
api-example summary 127.0.0.1 4028
miner.php - an example web page to access the API
This includes buttons to enable, disable and restart the GPUs and also to
quit cgminer
This includes buttons and inputs to attempt access to the privileged commands
You must modify the 2 lines near the top to change where it looks for cgminer
$miner = '127.0.0.1'; # hostname or IP address
$port = 4028;

181
api.c
View File

@ -11,6 +11,7 @@
#include "config.h"
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
@ -151,7 +152,7 @@ static const char *COMMA = ",";
static const char SEPARATOR = '|';
static const char GPUSEP = ',';
static const char *APIVERSION = "1.1";
static const char *APIVERSION = "1.2";
static const char *DEAD = "Dead";
static const char *SICK = "Sick";
static const char *NOSTART = "NoStart";
@ -256,6 +257,8 @@ static const char *JSON_PARAMETER = "parameter";
#define MSG_MISFN 42
#define MSG_BADFN 43
#define MSG_SAVED 44
#define MSG_ACCDENY 45
#define MSG_ACCOK 46
enum code_severity {
SEVERITY_ERR,
@ -341,15 +344,19 @@ struct CODES {
{ SEVERITY_ERR, MSG_MISFN, PARAM_NONE, "Missing save filename parameter" },
{ SEVERITY_ERR, MSG_BADFN, PARAM_STR, "Can't open or create save file '%s'" },
{ SEVERITY_ERR, MSG_SAVED, PARAM_STR, "Configuration saved to file '%s'" },
{ SEVERITY_ERR, MSG_ACCDENY, PARAM_STR, "Access denied to '%s' command" },
{ SEVERITY_SUCC, MSG_ACCOK, PARAM_NONE, "Privileged access OK" },
{ SEVERITY_FAIL, 0, 0, NULL }
};
static int my_thr_id = 0;
static int bye = 0;
static bool ping = true;
struct IP4ACCESS {
in_addr_t ip;
in_addr_t mask;
bool writemode;
};
static struct IP4ACCESS *ipaccess = NULL;
@ -496,9 +503,9 @@ static void minerconfig(__maybe_unused SOCKETTYPE c, __maybe_unused char *param,
strcpy(io_buffer, message(MSG_MINECON, 0, NULL, isjson));
if (isjson)
sprintf(buf, "," JSON_MINECON "{\"GPU Count\":%d,\"CPU Count\":%d,\"Pool Count\":%d,\"ADL\":\"%s\",\"ADL in use\":\"%s\",\"Strategy\":\"%s\"}" JSON_CLOSE, nDevs, cpucount, total_pools, adl, adlinuse, strategies[pool_strategy].s);
sprintf(buf, "," JSON_MINECON "{\"GPU Count\":%d,\"CPU Count\":%d,\"Pool Count\":%d,\"ADL\":\"%s\",\"ADL in use\":\"%s\",\"Strategy\":\"%s\",\"Log Interval\":\"%d\"}" JSON_CLOSE, nDevs, cpucount, total_pools, adl, adlinuse, strategies[pool_strategy].s, opt_log_interval);
else
sprintf(buf, _MINECON ",GPU Count=%d,CPU Count=%d,Pool Count=%d,ADL=%s,ADL in use=%s,Strategy=%s%c", nDevs, cpucount, total_pools, adl, adlinuse, strategies[pool_strategy].s, SEPARATOR);
sprintf(buf, _MINECON ",GPU Count=%d,CPU Count=%d,Pool Count=%d,ADL=%s,ADL in use=%s,Strategy=%s,Log Interval=%d%c", nDevs, cpucount, total_pools, adl, adlinuse, strategies[pool_strategy].s, opt_log_interval, SEPARATOR);
strcat(io_buffer, buf);
}
@ -1129,9 +1136,17 @@ void doquit(SOCKETTYPE c, __maybe_unused char *param, bool isjson)
send_result(c, isjson);
*io_buffer = '\0';
bye = 1;
PTH(&thr_info[my_thr_id]) = 0L;
kill_work();
}
void privileged(__maybe_unused SOCKETTYPE c, __maybe_unused char *param, bool isjson)
{
strcpy(io_buffer, message(MSG_ACCOK, 0, NULL, isjson));
}
void dosave(__maybe_unused SOCKETTYPE c, char *param, bool isjson)
{
FILE *fcfg;
@ -1156,30 +1171,32 @@ void dosave(__maybe_unused SOCKETTYPE c, char *param, bool isjson)
struct CMDS {
char *name;
void (*func)(SOCKETTYPE, char *, bool);
bool requires_writemode;
} cmds[] = {
{ "version", apiversion },
{ "config", minerconfig },
{ "devs", devstatus },
{ "pools", poolstatus },
{ "summary", summary },
{ "gpuenable", gpuenable },
{ "gpudisable", gpudisable },
{ "gpurestart", gpurestart },
{ "gpu", gpudev },
{ "version", apiversion, false },
{ "config", minerconfig, false },
{ "devs", devstatus, false },
{ "pools", poolstatus, false },
{ "summary", summary, false },
{ "gpuenable", gpuenable, true },
{ "gpudisable", gpudisable, true },
{ "gpurestart", gpurestart, true },
{ "gpu", gpudev, false },
#ifdef WANT_CPUMINE
{ "cpu", cpudev },
{ "cpu", cpudev, false },
#endif
{ "gpucount", gpucount },
{ "cpucount", cpucount },
{ "switchpool", switchpool },
{ "gpuintensity", gpuintensity },
{ "gpumem", gpumem},
{ "gpuengine", gpuengine},
{ "gpufan", gpufan},
{ "gpuvddc", gpuvddc},
{ "save", dosave },
{ "quit", doquit },
{ NULL, NULL }
{ "gpucount", gpucount, false },
{ "cpucount", cpucount, false },
{ "switchpool", switchpool, true },
{ "gpuintensity", gpuintensity, true },
{ "gpumem", gpumem, true },
{ "gpuengine", gpuengine, true },
{ "gpufan", gpufan, true },
{ "gpuvddc", gpuvddc, true },
{ "save", dosave, true },
{ "quit", doquit, true },
{ "privileged", privileged, true },
{ NULL, NULL, false }
};
static void send_result(SOCKETTYPE c, bool isjson)
@ -1192,16 +1209,16 @@ static void send_result(SOCKETTYPE c, bool isjson)
len = strlen(io_buffer);
applog(LOG_DEBUG, "DBG: send reply: (%d) '%.10s%s'", len+1, io_buffer, len > 10 ? "..." : "");
applog(LOG_DEBUG, "API: send reply: (%d) '%.10s%s'", len+1, io_buffer, len > 10 ? "..." : "");
// ignore failure - it's closed immediately anyway
n = send(c, io_buffer, len+1, 0);
if (opt_debug) {
if (SOCKETFAIL(n))
applog(LOG_DEBUG, "DBG: send failed: %s", SOCKERRMSG);
applog(LOG_DEBUG, "API: send failed: %s", SOCKERRMSG);
else
applog(LOG_DEBUG, "DBG: sent %d", n);
applog(LOG_DEBUG, "API: sent %d", n);
}
}
@ -1233,14 +1250,18 @@ static void tidyup()
}
/*
* Interpret IP[/Prefix][,IP2[/Prefix2][,...]] --api-allow option
*
* Interpret [R|W:]IP[/Prefix][,[R|W:]IP2[/Prefix2][,...]] --api-allow option
* special case of 0/0 allows /0 (means all IP addresses)
*/
#define ALLIP4 "0/0"
/*
* N.B. IP4 addresses are by Definition 32bit big endian on all platforms
*/
static void setup_ipaccess()
{
char *buf, *ptr, *comma, *slash, *dot;
int ipcount, mask, octet, i;
bool writemode;
buf = malloc(strlen(opt_api_allow) + 1);
if (unlikely(!buf))
@ -1274,39 +1295,54 @@ static void setup_ipaccess()
if (comma)
*(comma++) = '\0';
slash = strchr(ptr, '/');
if (!slash)
ipaccess[ips].mask = 0xffffffff;
writemode = false;
if (isalpha(*ptr) && *(ptr+1) == ':') {
if (tolower(*ptr) == 'w')
writemode = true;
ptr += 2;
}
ipaccess[ips].writemode = writemode;
if (strcmp(ptr, ALLIP4) == 0)
ipaccess[ips].ip = ipaccess[ips].mask = 0;
else {
*(slash++) = '\0';
mask = atoi(slash);
if (mask < 1 || mask > 32)
goto popipo; // skip invalid/zero
slash = strchr(ptr, '/');
if (!slash)
ipaccess[ips].mask = 0xffffffff;
else {
*(slash++) = '\0';
mask = atoi(slash);
if (mask < 1 || mask > 32)
goto popipo; // skip invalid/zero
ipaccess[ips].mask = 0;
while (mask-- >= 0) {
octet = 1 << (mask % 8);
ipaccess[ips].mask |= (octet << (8 * (mask >> 3)));
ipaccess[ips].mask = 0;
while (mask-- >= 0) {
octet = 1 << (mask % 8);
ipaccess[ips].mask |= (octet << (8 * (mask >> 3)));
}
}
ipaccess[ips].ip = 0; // missing default to '.0'
for (i = 0; ptr && (i < 4); i++) {
dot = strchr(ptr, '.');
if (dot)
*(dot++) = '\0';
octet = atoi(ptr);
if (octet < 0 || octet > 0xff)
goto popipo; // skip invalid
ipaccess[ips].ip |= (octet << (i * 8));
ptr = dot;
}
ipaccess[ips].ip &= ipaccess[ips].mask;
}
ipaccess[ips].ip = 0; // missing default to '.0'
for (i = 0; ptr && (i < 4); i++) {
dot = strchr(ptr, '.');
if (dot)
*(dot++) = '\0';
octet = atoi(ptr);
if (octet < 0 || octet > 0xff)
goto popipo; // skip invalid
ipaccess[ips].ip |= (octet << (i * 8));
ptr = dot;
}
ipaccess[ips].ip &= ipaccess[ips].mask;
ips++;
popipo:
ptr = comma;
@ -1315,7 +1351,7 @@ popipo:
free(buf);
}
void api(void)
void api(int api_thr_id)
{
char buf[BUFSIZ];
char param_buf[BUFSIZ];
@ -1332,6 +1368,7 @@ void api(void)
char *cmd;
char *param;
bool addrok;
bool writemode;
json_error_t json_err;
json_t *json_config;
json_t *json_val;
@ -1339,6 +1376,8 @@ void api(void)
bool did;
int i;
my_thr_id = api_thr_id;
/* This should be done first to ensure curl has already called WSAStartup() in windows */
sleep(opt_log_interval);
@ -1423,27 +1462,27 @@ void api(void)
goto die;
}
connectaddr = inet_ntoa(cli.sin_addr);
addrok = false;
writemode = false;
if (opt_api_allow) {
for (i = 0; i < ips; i++) {
if ((cli.sin_addr.s_addr & ipaccess[i].mask) == ipaccess[i].ip) {
addrok = true;
writemode = ipaccess[i].writemode;
break;
}
}
} else {
if (opt_api_network)
addrok = true;
else {
connectaddr = inet_ntoa(cli.sin_addr);
else
addrok = (strcmp(connectaddr, localaddr) == 0);
}
}
if (opt_debug) {
connectaddr = inet_ntoa(cli.sin_addr);
applog(LOG_DEBUG, "DBG: connection from %s - %s", connectaddr, addrok ? "Accepted" : "Ignored");
}
if (opt_debug)
applog(LOG_DEBUG, "API: connection from %s - %s", connectaddr, addrok ? "Accepted" : "Ignored");
if (addrok) {
n = recv(c, &buf[0], BUFSIZ-1, 0);
@ -1454,9 +1493,9 @@ void api(void)
if (opt_debug) {
if (SOCKETFAIL(n))
applog(LOG_DEBUG, "DBG: recv failed: %s", SOCKERRMSG);
applog(LOG_DEBUG, "API: recv failed: %s", SOCKERRMSG);
else
applog(LOG_DEBUG, "DBG: recv command: (%d) '%s'", n, buf);
applog(LOG_DEBUG, "API: recv command: (%d) '%s'", n, buf);
}
if (!SOCKETFAIL(n)) {
@ -1522,7 +1561,13 @@ void api(void)
if (!did)
for (i = 0; cmds[i].name != NULL; i++) {
if (strcmp(cmd, cmds[i].name) == 0) {
(cmds[i].func)(c, param, isjson);
if (cmds[i].requires_writemode && !writemode) {
strcpy(io_buffer, message(MSG_ACCDENY, 0, cmds[i].name, isjson));
applog(LOG_DEBUG, "API: access denied to '%s' for '%s' command", connectaddr, cmds[i].name);
}
else
(cmds[i].func)(c, param, isjson);
send_result(c, isjson);
did = true;
break;

2
cgminer.c
View File

@ -2802,7 +2802,7 @@ static void *api_thread(void *userdata)
pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
api();
api(api_thr_id);
PTH(mythr) = 0L;

2
miner.h
View File

@ -449,7 +449,7 @@ extern int set_engineclock(int gpu, int iEngineClock);
extern int set_memoryclock(int gpu, int iMemoryClock);
#endif
extern void api(void);
extern void api(int thr_id);
#define MAX_GPUDEVICES 16
#define MAX_DEVICES 32