-rw-r--r-- | xmrstak/config.tpl | 15 | ||||
-rw-r--r-- | xmrstak/http/httpd.cpp | 26 | ||||
-rw-r--r-- | xmrstak/http/webdesign.cpp | 11 | ||||
-rw-r--r-- | xmrstak/http/webdesign.hpp | 6 | ||||
-rw-r--r-- | xmrstak/jconf.cpp | 14 | ||||
-rw-r--r-- | xmrstak/jconf.hpp | 2 |
6 files changed, 71 insertions, 3 deletions
diff --git a/xmrstak/config.tpl b/xmrstak/config.tpl index c06d121..c3ea061 100644 --- a/xmrstak/config.tpl +++ b/xmrstak/config.tpl @@ -106,7 +106,7 @@ POOLCONF], */ /* - * use_slow_memory defines our behavior with regards to large pages. There are three possible options here: + * use_slow_memory defines our behaviour with regards to large pages. There are three possible options here: * always - Don't even try to use large pages. Always use slow memory. * warn - We will try to use large pages, but fall back to slow memory if that fails. * no_mlck - This option is only relevant on Linux, where we can use large pages without locking memory. @@ -159,6 +159,19 @@ POOLCONF], "httpd_port" : 0, /* + * HTTP Authentication + * + * This allows you to set a password to keep people on the Internet from snooping on your hashrate. + * Keep in mind that this is based on HTTP Digest, which is based on MD5. To a determined attacker + * who is able to read your traffic it is as easy to break a bog door latch. + * + * http_login - Login. Empty login disables authentication. + * http_pass - Password. + */ +"http_login" : "", +"http_pass" : "", + +/* * prefer_ipv4 - IPv6 preference. If the host is available on both IPv4 and IPv6 net, which one should be choose? * This setting will only be needed in 2020's. No need to worry about it now. */ diff --git a/xmrstak/http/httpd.cpp b/xmrstak/http/httpd.cpp index a112bbb..8debfa7 100644 --- a/xmrstak/http/httpd.cpp +++ b/xmrstak/http/httpd.cpp 
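Review bot: The new `HTTP Authentication` comment in the second config.tpl hunk leaves out two things an operator needs to know. Digest only protects the login exchange. The status pages themselves still travel over plain HTTP, so anyone who can read the traffic sees the hashrate without breaking anything, and `http_pass` sits in clear text in the config file. I would add a line such as `* The pages are still sent unencrypted and http_pass is stored here in plain text; restrict read access to this file.` and fix the simile to `as easy to break as a bog door latch`.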
@@ -62,8 +62,32 @@ int httpd::req_handler(void * cls, if (strcmp(method, "GET") != 0) return MHD_NO; - *ptr = nullptr; + if(strlen(jconf::inst()->GetHttpUsername()) != 0) + { + char* username; + int ret; + + username = MHD_digest_auth_get_username(connection); + if (username == NULL) + { + rsp = MHD_create_response_from_buffer(sHtmlAccessDeniedSize, (void*)sHtmlAccessDenied, MHD_RESPMEM_PERSISTENT); + ret = MHD_queue_auth_fail_response(connection, sHttpAuthRelam, sHttpAuthOpaque, rsp, MHD_NO); + MHD_destroy_response(rsp); + return ret; + } + free(username); + ret = MHD_digest_auth_check(connection, sHttpAuthRelam, jconf::inst()->GetHttpUsername(), jconf::inst()->GetHttpPassword(), 300); + if (ret == MHD_INVALID_NONCE || ret == MHD_NO) + { + rsp = MHD_create_response_from_buffer(sHtmlAccessDeniedSize, (void*)sHtmlAccessDenied, MHD_RESPMEM_PERSISTENT); + ret = MHD_queue_auth_fail_response(connection, sHttpAuthRelam, sHttpAuthOpaque, rsp, (ret == MHD_INVALID_NONCE) ? MHD_YES : MHD_NO); + MHD_destroy_response(rsp); + return ret; + } + } + + *ptr = nullptr; std::string str; if(strcasecmp(url, "/style.css") == 0) { diff --git a/xmrstak/http/webdesign.cpp b/xmrstak/http/webdesign.cpp index c6fcea6..1cb76c3 100644 --- a/xmrstak/http/webdesign.cpp +++ b/xmrstak/http/webdesign.cpp @@ -90,6 +90,17 @@ extern const char sHtmlCssFile [] = size_t sHtmlCssSize = sizeof(sHtmlCssFile) - 1; +extern const char sHttpAuthRelam[] = "XMR-Stak-Miner"; +extern const char sHttpAuthOpaque[] = "6c071f0df539e234cadbcd79164af7a594e23ab42bccb834df796aead6ce96e4"; + +extern const char sHtmlAccessDenied[] = + "<!DOCTYPE html><html>" + "<head><title>Access Denied</title></head>" + "<body><h1>Access Denied</h1><p>You have entered a wrong username or password</p></body>" + "</html>"; + +size_t sHtmlAccessDeniedSize = sizeof(sHtmlAccessDenied) - 1; + extern const char sHtmlCommonHeader [] = "<!DOCTYPE html>" "<html>" 
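Review bot: The digest check added to `req_handler` relies on nonces that libmicrohttpd generates, and the daemon start-up call that would seed them is not part of this diff. If `MHD_start_daemon` is not given `MHD_OPTION_DIGEST_AUTH_RANDOM` with random bytes (and `MHD_OPTION_NONCE_NC_SIZE`), the nonces are, as far as I know, derived only from guessable inputs, which weakens the replay protection that the 300-second window is meant to provide. Separately, the two deny branches are identical apart from the stale flag and could share one small helper. `username == NULL` should be `nullptr` to match `*ptr = nullptr` below, and the literal `300` deserves a named constant. The body of `req_handler` starts and ends outside the hunk.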
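Review bot: `sHttpAuthOpaque` in the webdesign.cpp hunk looks like key material but is a fixed string shipped identically in every build, and nothing says so. In Digest the opaque value is simply echoed back by the client, so a comment such as `// Not a secret: the Digest 'opaque' value is returned unchanged by the client` would stop readers from treating it as one. `sHttpAuthRelam` is a misspelling of "Realm" that this commit also spreads to httpd.cpp and webdesign.hpp; renaming it to `sHttpAuthRealm` now is cheaper than doing it later.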
diff --git a/xmrstak/http/webdesign.hpp b/xmrstak/http/webdesign.hpp index 92639a0..122b5fb 100644 --- a/xmrstak/http/webdesign.hpp +++ b/xmrstak/http/webdesign.hpp @@ -4,6 +4,12 @@ extern const char sHtmlCssEtag[]; extern const char sHtmlCssFile[]; extern size_t sHtmlCssSize; +extern const char sHtmlAccessDenied[]; +extern size_t sHtmlAccessDeniedSize; + +extern const char sHttpAuthRelam[]; +extern const char sHttpAuthOpaque[]; + extern const char sHtmlCommonHeader[]; extern const char sHtmlHashrateBodyHigh[]; diff --git a/xmrstak/jconf.cpp b/xmrstak/jconf.cpp index ec1233a..0418842 100644 --- a/xmrstak/jconf.cpp +++ b/xmrstak/jconf.cpp @@ -52,7 +52,7 @@ using namespace rapidjson; */ enum configEnum { aPoolList, bTlsSecureAlgo, sCurrency, iCallTimeout, iNetRetry, iGiveUpLimit, iVerboseLevel, iAutohashTime, - bFlushStdout, bDaemonMode, sOutputFile, iHttpdPort, bPreferIpv4, bAesOverride, sUseSlowMem + bFlushStdout, bDaemonMode, sOutputFile, iHttpdPort, sHttpLogin, sHttpPass, bPreferIpv4, bAesOverride, sUseSlowMem }; struct configVal { @@ -76,6 +76,8 @@ configVal oConfigValues[] = { { bDaemonMode, "daemon_mode", kTrueType }, { sOutputFile, "output_file", kStringType }, { iHttpdPort, "httpd_port", kNumberType }, + { sHttpLogin, "http_login", kStringType }, + { sHttpPass, "http_pass", kStringType }, { bPreferIpv4, "prefer_ipv4", kTrueType }, { bAesOverride, "aes_override", kNullType }, { sUseSlowMem, "use_slow_memory", kStringType } @@ -236,6 +238,16 @@ uint16_t jconf::GetHttpdPort() return prv->configValues[iHttpdPort]->GetUint(); } +const char* jconf::GetHttpUsername() +{ + return prv->configValues[sHttpLogin]->GetString(); +} + +const char* jconf::GetHttpPassword() +{ + return prv->configValues[sHttpPass]->GetString(); +} + bool jconf::DaemonMode() { return prv->configValues[bDaemonMode]->GetBool(); diff --git a/xmrstak/jconf.hpp b/xmrstak/jconf.hpp index b68ef38..1bd4d47 100644 --- a/xmrstak/jconf.hpp +++ b/xmrstak/jconf.hpp 
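Review bot: Nothing in the three jconf.cpp hunks rejects a non-empty `http_login` combined with an empty `http_pass`, so unless the config validation outside this diff does it, the web interface can end up guarded by an empty password. A check after parsing along the lines of `if(GetHttpUsername()[0] != '\0' && GetHttpPassword()[0] == '\0')` that reports an error and fails the config load would close that gap.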
@@ -60,6 +60,8 @@ public: uint64_t GetGiveUpLimit(); uint16_t GetHttpdPort(); + const char* GetHttpUsername(); + const char* GetHttpPassword(); bool DaemonMode(); |
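Review bot: The two getters declared here carry a convention that httpd.cpp depends on but that is written down only in config.tpl: an empty login means authentication is off. A one-line comment above them, e.g. `// Empty username means HTTP authentication is disabled`, would make that visible at the API. The returned pointers presumably point into the parsed config document, which is also worth stating. The class body starts and ends outside the hunk.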