Commit 55e7f31425f444b3511d71d67f2fbb9e76054ef1
2013-08-22T23:38:57
API mcast only reply to remote IP's that are allowed access
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
diff --git a/api.c b/api.c
index b046a98..1afbec0 100644
--- a/api.c
+++ b/api.c
@@ -626,6 +626,8 @@ struct CODES {
{ SEVERITY_FAIL, 0, 0, NULL }
};
+static const char *localaddr = "127.0.0.1";
+
static int my_thr_id = 0;
static bool bye;
@@ -4260,6 +4262,33 @@ static void *restart_thread(__maybe_unused void *userdata)
return NULL;
}
+static bool check_connect(struct sockaddr_in *cli, char **connectaddr, char *group)
+{
+ bool addrok = false;
+ int i;
+
+ *connectaddr = inet_ntoa(cli->sin_addr);
+
+ *group = NOPRIVGROUP;
+ if (opt_api_allow) {
+ int client_ip = htonl(cli->sin_addr.s_addr);
+ for (i = 0; i < ips; i++) {
+ if ((client_ip & ipaccess[i].mask) == ipaccess[i].ip) {
+ addrok = true;
+ *group = ipaccess[i].group;
+ break;
+ }
+ }
+ } else {
+ if (opt_api_network)
+ addrok = true;
+ else
+ addrok = (strcmp(*connectaddr, localaddr) == 0);
+ }
+
+ return addrok;
+}
+
static void mcast()
{
struct sockaddr_in listen;
@@ -4270,10 +4299,13 @@ static void mcast()
SOCKETTYPE mcast_sock;
SOCKETTYPE reply_sock;
socklen_t came_from_siz;
+ char *connectaddr;
ssize_t rep;
int bound;
int count;
int reply_port;
+ bool addrok;
+ char group;
char expect[] = "cgminer-"; // first 8 bytes constant
char *expect_code;
@@ -4286,7 +4318,7 @@ static void mcast()
grp.imr_multiaddr.s_addr = inet_addr(opt_api_mcast_addr);
if (grp.imr_multiaddr.s_addr == INADDR_NONE)
quit(1, "Invalid Multicast Address");
- grp.imr_interface.s_addr = inet_addr("192.168.7.70");
+ grp.imr_interface.s_addr = INADDR_ANY;
mcast_sock = socket(AF_INET, SOCK_DGRAM, 0);
@@ -4343,6 +4375,13 @@ static void mcast()
count, SOCKERRMSG, (int)mcast_sock);
continue;
}
+
+ addrok = check_connect(&came_from, &connectaddr, &group);
+ applog(LOG_DEBUG, "API mcast from %s - %s",
+ connectaddr, addrok ? "Accepted" : "Ignored");
+ if (!addrok)
+ continue;
+
buf[rep] = '\0';
if (rep > 0 && buf[rep-1] == '\n')
buf[--rep] = '\0';
@@ -4424,7 +4463,6 @@ void api(int api_thr_id)
struct thr_info bye_thr;
char buf[TMPBUFSIZ];
char param_buf[TMPBUFSIZ];
- const char *localaddr = "127.0.0.1";
SOCKETTYPE c;
int n, bound;
char *connectaddr;
@@ -4558,28 +4596,9 @@ void api(int api_thr_id)
goto die;
}
- connectaddr = inet_ntoa(cli.sin_addr);
-
- addrok = false;
- group = NOPRIVGROUP;
- if (opt_api_allow) {
- int client_ip = htonl(cli.sin_addr.s_addr);
- for (i = 0; i < ips; i++) {
- if ((client_ip & ipaccess[i].mask) == ipaccess[i].ip) {
- addrok = true;
- group = ipaccess[i].group;
- break;
- }
- }
- } else {
- if (opt_api_network)
- addrok = true;
- else
- addrok = (strcmp(connectaddr, localaddr) == 0);
- }
-
- if (opt_debug)
- applog(LOG_DEBUG, "API: connection from %s - %s", connectaddr, addrok ? "Accepted" : "Ignored");
+ addrok = check_connect(&cli, &connectaddr, &group);
+ applog(LOG_DEBUG, "API: connection from %s - %s",
+ connectaddr, addrok ? "Accepted" : "Ignored");
if (addrok) {
n = recv(c, &buf[0], TMPBUFSIZ-1, 0);