mirror of
https://github.com/GOSTSec/sgminer
synced 2025-01-15 00:59:59 +00:00
API restrict access to all non display commands by default
parent
c25aead886
commit
60b7c01e7a
80
api.c
80
api.c
@ -11,6 +11,7 @@
|
|||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include <ctype.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
@ -256,6 +257,7 @@ static const char *JSON_PARAMETER = "parameter";
|
|||||||
#define MSG_MISFN 42
|
#define MSG_MISFN 42
|
||||||
#define MSG_BADFN 43
|
#define MSG_BADFN 43
|
||||||
#define MSG_SAVED 44
|
#define MSG_SAVED 44
|
||||||
|
#define MSG_ACCDENY 45
|
||||||
|
|
||||||
enum code_severity {
|
enum code_severity {
|
||||||
SEVERITY_ERR,
|
SEVERITY_ERR,
|
||||||
@ -341,6 +343,7 @@ struct CODES {
|
|||||||
{ SEVERITY_ERR, MSG_MISFN, PARAM_NONE, "Missing save filename parameter" },
|
{ SEVERITY_ERR, MSG_MISFN, PARAM_NONE, "Missing save filename parameter" },
|
||||||
{ SEVERITY_ERR, MSG_BADFN, PARAM_STR, "Can't open or create save file '%s'" },
|
{ SEVERITY_ERR, MSG_BADFN, PARAM_STR, "Can't open or create save file '%s'" },
|
||||||
{ SEVERITY_ERR, MSG_SAVED, PARAM_STR, "Configuration saved to file '%s'" },
|
{ SEVERITY_ERR, MSG_SAVED, PARAM_STR, "Configuration saved to file '%s'" },
|
||||||
|
{ SEVERITY_ERR, MSG_ACCDENY, PARAM_STR, "Access denied to '%s' command" },
|
||||||
{ SEVERITY_FAIL, 0, 0, NULL }
|
{ SEVERITY_FAIL, 0, 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -350,6 +353,7 @@ static bool ping = true;
|
|||||||
struct IP4ACCESS {
|
struct IP4ACCESS {
|
||||||
in_addr_t ip;
|
in_addr_t ip;
|
||||||
in_addr_t mask;
|
in_addr_t mask;
|
||||||
|
bool writemode;
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct IP4ACCESS *ipaccess = NULL;
|
static struct IP4ACCESS *ipaccess = NULL;
|
||||||
@ -1156,30 +1160,31 @@ void dosave(__maybe_unused SOCKETTYPE c, char *param, bool isjson)
|
|||||||
struct CMDS {
|
struct CMDS {
|
||||||
char *name;
|
char *name;
|
||||||
void (*func)(SOCKETTYPE, char *, bool);
|
void (*func)(SOCKETTYPE, char *, bool);
|
||||||
|
bool requires_writemode;
|
||||||
} cmds[] = {
|
} cmds[] = {
|
||||||
{ "version", apiversion },
|
{ "version", apiversion, false },
|
||||||
{ "config", minerconfig },
|
{ "config", minerconfig, false },
|
||||||
{ "devs", devstatus },
|
{ "devs", devstatus, false },
|
||||||
{ "pools", poolstatus },
|
{ "pools", poolstatus, false },
|
||||||
{ "summary", summary },
|
{ "summary", summary, false },
|
||||||
{ "gpuenable", gpuenable },
|
{ "gpuenable", gpuenable, true },
|
||||||
{ "gpudisable", gpudisable },
|
{ "gpudisable", gpudisable, true },
|
||||||
{ "gpurestart", gpurestart },
|
{ "gpurestart", gpurestart, true },
|
||||||
{ "gpu", gpudev },
|
{ "gpu", gpudev, false },
|
||||||
#ifdef WANT_CPUMINE
|
#ifdef WANT_CPUMINE
|
||||||
{ "cpu", cpudev },
|
{ "cpu", cpudev, false },
|
||||||
#endif
|
#endif
|
||||||
{ "gpucount", gpucount },
|
{ "gpucount", gpucount, false },
|
||||||
{ "cpucount", cpucount },
|
{ "cpucount", cpucount, false },
|
||||||
{ "switchpool", switchpool },
|
{ "switchpool", switchpool, true },
|
||||||
{ "gpuintensity", gpuintensity },
|
{ "gpuintensity", gpuintensity, true },
|
||||||
{ "gpumem", gpumem},
|
{ "gpumem", gpumem, true },
|
||||||
{ "gpuengine", gpuengine},
|
{ "gpuengine", gpuengine, true },
|
||||||
{ "gpufan", gpufan},
|
{ "gpufan", gpufan, true },
|
||||||
{ "gpuvddc", gpuvddc},
|
{ "gpuvddc", gpuvddc, true },
|
||||||
{ "save", dosave },
|
{ "save", dosave, true },
|
||||||
{ "quit", doquit },
|
{ "quit", doquit, true },
|
||||||
{ NULL, NULL }
|
{ NULL, NULL, false }
|
||||||
};
|
};
|
||||||
|
|
||||||
static void send_result(SOCKETTYPE c, bool isjson)
|
static void send_result(SOCKETTYPE c, bool isjson)
|
||||||
@ -1233,7 +1238,7 @@ static void tidyup()
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Interpret IP[/Prefix][,IP2[/Prefix2][,...]] --api-allow option
|
* Interpret [R|W:]IP[/Prefix][,[R|W:]IP2[/Prefix2][,...]] --api-allow option
|
||||||
* special case of 0/0 allows /0 (means all IP addresses)
|
* special case of 0/0 allows /0 (means all IP addresses)
|
||||||
*/
|
*/
|
||||||
#define ALLIP4 "0/0"
|
#define ALLIP4 "0/0"
|
||||||
@ -1244,6 +1249,7 @@ static void setup_ipaccess()
|
|||||||
{
|
{
|
||||||
char *buf, *ptr, *comma, *slash, *dot;
|
char *buf, *ptr, *comma, *slash, *dot;
|
||||||
int ipcount, mask, octet, i;
|
int ipcount, mask, octet, i;
|
||||||
|
bool writemode;
|
||||||
|
|
||||||
buf = malloc(strlen(opt_api_allow) + 1);
|
buf = malloc(strlen(opt_api_allow) + 1);
|
||||||
if (unlikely(!buf))
|
if (unlikely(!buf))
|
||||||
@ -1277,6 +1283,17 @@ static void setup_ipaccess()
|
|||||||
if (comma)
|
if (comma)
|
||||||
*(comma++) = '\0';
|
*(comma++) = '\0';
|
||||||
|
|
||||||
|
writemode = false;
|
||||||
|
|
||||||
|
if (isalpha(*ptr) && *(ptr+1) == ':') {
|
||||||
|
if (tolower(*ptr) == 'w')
|
||||||
|
writemode = true;
|
||||||
|
|
||||||
|
ptr += 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
ipaccess[ips].writemode = writemode;
|
||||||
|
|
||||||
if (strcmp(ptr, ALLIP4) == 0)
|
if (strcmp(ptr, ALLIP4) == 0)
|
||||||
ipaccess[ips].ip = ipaccess[ips].mask = 0;
|
ipaccess[ips].ip = ipaccess[ips].mask = 0;
|
||||||
else {
|
else {
|
||||||
@ -1339,6 +1356,7 @@ void api(void)
|
|||||||
char *cmd;
|
char *cmd;
|
||||||
char *param;
|
char *param;
|
||||||
bool addrok;
|
bool addrok;
|
||||||
|
bool writemode;
|
||||||
json_error_t json_err;
|
json_error_t json_err;
|
||||||
json_t *json_config;
|
json_t *json_config;
|
||||||
json_t *json_val;
|
json_t *json_val;
|
||||||
@ -1430,27 +1448,27 @@ void api(void)
|
|||||||
goto die;
|
goto die;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
connectaddr = inet_ntoa(cli.sin_addr);
|
||||||
|
|
||||||
addrok = false;
|
addrok = false;
|
||||||
|
writemode = false;
|
||||||
if (opt_api_allow) {
|
if (opt_api_allow) {
|
||||||
for (i = 0; i < ips; i++) {
|
for (i = 0; i < ips; i++) {
|
||||||
if ((cli.sin_addr.s_addr & ipaccess[i].mask) == ipaccess[i].ip) {
|
if ((cli.sin_addr.s_addr & ipaccess[i].mask) == ipaccess[i].ip) {
|
||||||
addrok = true;
|
addrok = true;
|
||||||
|
writemode = ipaccess[i].writemode;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (opt_api_network)
|
if (opt_api_network)
|
||||||
addrok = true;
|
addrok = true;
|
||||||
else {
|
else
|
||||||
connectaddr = inet_ntoa(cli.sin_addr);
|
|
||||||
addrok = (strcmp(connectaddr, localaddr) == 0);
|
addrok = (strcmp(connectaddr, localaddr) == 0);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (opt_debug) {
|
if (opt_debug)
|
||||||
connectaddr = inet_ntoa(cli.sin_addr);
|
|
||||||
applog(LOG_DEBUG, "DBG: connection from %s - %s", connectaddr, addrok ? "Accepted" : "Ignored");
|
applog(LOG_DEBUG, "DBG: connection from %s - %s", connectaddr, addrok ? "Accepted" : "Ignored");
|
||||||
}
|
|
||||||
|
|
||||||
if (addrok) {
|
if (addrok) {
|
||||||
n = recv(c, &buf[0], BUFSIZ-1, 0);
|
n = recv(c, &buf[0], BUFSIZ-1, 0);
|
||||||
@ -1529,7 +1547,13 @@ void api(void)
|
|||||||
if (!did)
|
if (!did)
|
||||||
for (i = 0; cmds[i].name != NULL; i++) {
|
for (i = 0; cmds[i].name != NULL; i++) {
|
||||||
if (strcmp(cmd, cmds[i].name) == 0) {
|
if (strcmp(cmd, cmds[i].name) == 0) {
|
||||||
|
if (cmds[i].requires_writemode && !writemode) {
|
||||||
|
strcpy(io_buffer, message(MSG_ACCDENY, 0, cmds[i].name, isjson));
|
||||||
|
applog(LOG_DEBUG, "DBG: access denied to '%s' for '%s' command", connectaddr, cmds[i].name);
|
||||||
|
}
|
||||||
|
else
|
||||||
(cmds[i].func)(c, param, isjson);
|
(cmds[i].func)(c, param, isjson);
|
||||||
|
|
||||||
send_result(c, isjson);
|
send_result(c, isjson);
|
||||||
did = true;
|
did = true;
|
||||||
break;
|
break;
|
||||||
|
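Review bot: In api() the client's privilege comes from the first --api-allow entry whose mask matches (`writemode = ipaccess[i].writemode;` followed by `break;`), so the outcome depends on the order of the option. A broad `W:` range listed before a narrower read-only entry gives that host write access, and a read-only subnet listed before `W:host` leaves the host read-only. The option comment above ALLIP4 should state this, for example `* entries are tested in order; the first match decides read-only or write access`. In setup_ipaccess() any letter before ':' other than W is silently treated as read-only, and `isalpha(*ptr)` / `tolower(*ptr)` receive a plain char; `isalpha((unsigned char)*ptr)` avoids undefined behaviour on bytes above 0x7f, and rejecting prefixes other than R or W would surface typos in the allow list. Both functions start and end outside the visible hunks, so this is based only on the lines shown.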