From be293d72cd011fc04f6a14fa743f4b1c03da8992 Mon Sep 17 00:00:00 2001
From: BenDroid
Date: Sun, 25 Feb 2018 23:32:51 +0100
Subject: [PATCH] Cleanup and added integrated tls config params parsing
---
 CMakeLists.txt | 12 ++++-----
 src/3rdparty/clib-net/include/net.h | 6 ++---
 src/3rdparty/clib-net/src/net.c | 12 ++++-----
 src/Options.cpp | 37 +++++++++++++++++++++++----
 src/Options.h | 2 --
 src/cc/CCClient.cpp | 4 +--
 src/cc/Httpd.cpp | 4 +--
 src/config.json | 2 ++
 src/config_cc.json | 3 +++
 src/default_config.json | 2 ++
 src/net/Client.cpp | 4 +--
 src/net/Client.h | 2 +-
 src/net/Network.cpp | 4 +--
 src/net/Url.cpp | 8 +++---
 src/net/Url.h | 8 +++---
 src/net/strategies/DonateStrategy.cpp | 2 +-
 16 files changed, 72 insertions(+), 40 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 50cd444f..36e02a55 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,7 +10,7 @@ option(WITH_AEON "CryptoNight-Lite support" ON)
 option(WITH_HTTPD "HTTP REST API" OFF)
 option(WITH_CC_CLIENT "CC Client" ON)
 option(WITH_CC_SERVER "CC Server" ON)
-option(WITH_SSL_TLS "SSL/TLS support" ON)
+option(WITH_TLS "TLS support" ON)
 include (CheckIncludeFile)
 include (cmake/cpu.cmake)
@@ -112,7 +112,7 @@ find_package(UV REQUIRED)
 include(cmake/flags.cmake)
-if (WITH_SSL_TLS)
+if (WITH_TLS)
 find_package(OpenSSL REQUIRED)
 add_definitions(/DCPPHTTPLIB_OPENSSL_SUPPORT)
@@ -121,10 +121,10 @@ if (WITH_SSL_TLS)
 include_directories(${OPENSSL_INCLUDE_DIR})
 set(SOURCES_SSL_TLS src/3rdparty/clib-net/src/tls.c)
 else()
- message(FATAL_ERROR "OpenSSL NOT found: use `-DWITH_SSL_TLS=OFF` to build without SSL/TLS support")
+ message(FATAL_ERROR "OpenSSL NOT found: use `-DWITH_TLS=OFF` to build without TLS support")
 endif()
 else()
- add_definitions(/DXMRIG_NO_SSL_TLS)
+ add_definitions(/DXMRIG_NO_TLS)
 endif()
 if (WITH_LIBCPUID)
@@ -208,9 +208,9 @@ add_library(xmrig_common STATIC ${SOURCES_COMMON})
 add_library(xmrig_os_dependencies STATIC ${SOURCES_OS} ${SOURCES_SYSLOG})
 add_library(xmrig_cpuid STATIC ${SOURCES_CPUID})
-if (WITH_SSL_TLS)
+if (WITH_TLS)
 add_library(xmrig_tls STATIC ${SOURCES_SSL_TLS})
-endif (WITH_SSL_TLS)
+endif (WITH_TLS)
 if (WITH_CC_SERVER OR WITH_CC_CLIENT)
 add_library(xmrig_cc_common STATIC ${SOURCES_CC_COMMON})
diff --git a/src/3rdparty/clib-net/include/net.h b/src/3rdparty/clib-net/include/net.h
index 674a7bc3..d9f1ce6d 100644
--- a/src/3rdparty/clib-net/include/net.h
+++ b/src/3rdparty/clib-net/include/net.h
@@ -9,7 +9,7 @@
 #include
 #include
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 #include "tls.h"
 #endif
@@ -43,7 +43,7 @@ typedef struct sockaddr_in socketPair_t;
 uv_tcp_t *handle; \
 uv_connect_t *conn; \
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 #define NET_TLS_FIELDS \
 int use_ssl; \
 int tls_established; \
@@ -71,7 +71,7 @@ net_t * net_new(char * hostname, int port);
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 /*
 * Set SSL's Context
 */
diff --git a/src/3rdparty/clib-net/src/net.c b/src/3rdparty/clib-net/src/net.c
index cde76073..e992c229 100644
--- a/src/3rdparty/clib-net/src/net.c
+++ b/src/3rdparty/clib-net/src/net.c
@@ -25,7 +25,7 @@ net_new(char * hostname, int port) {
 return net;
 }
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 int
 net_set_tls(net_t * net, tls_ctx * ctx) {
 net->use_ssl = USE_SSL;
@@ -47,7 +47,7 @@ net_close(net_t * net, void (*cb)(uv_handle_t*)) {
 net->connected = 0;
 net->tls_established = 0;
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 if (net->use_ssl) {
 tls_shutdown(net->tls);
 }
@@ -55,7 +55,7 @@ net_close(net_t * net, void (*cb)(uv_handle_t*)) {
 uv_close((uv_handle_t*)net->handle, cb);
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 if (net->use_ssl) {
 tls_free(net->tls);
 }
@@ -204,7 +204,7 @@ net_connect_cb(uv_connect_t *conn, int err) {
 net->conn_cb(net);
 }
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 /*
 * Handle TLS Partial
 */
@@ -246,7 +246,7 @@ net_read(uv_stream_t* handle, ssize_t nread, const uv_buf_t* buf) {
 return;
 }
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 /*
 * BIO Return rule:
 * All these functions return either the amount of data successfully
@@ -330,7 +330,7 @@ net_write2(net_t * net, char * buf, unsigned int len) {
 switch (net->use_ssl) {
 case USE_SSL:
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 tls_write(net->tls, buf, (int)len);
 do {
 read = tls_bio_read(net->tls, 0);
diff --git a/src/Options.cpp b/src/Options.cpp
index 104ee499..69e1daea 100644
--- a/src/Options.cpp
+++ b/src/Options.cpp
@@ -74,7 +74,7 @@ Options:\n"
 -k, --keepalive send keepalived for prevent timeout (need pool support)\n\
 -r, --retries=N number of times to retry before switch to backup server (default: 5)\n\
 -R, --retry-pause=N time to pause between retries (default: 5)\n\
- --multihash-thread-mask for av=2/4 only, limits multihash to given threads (mask), (default: all threads)\n\
+ --multihash-thread-mask for av=2/4 only, limits multihash to given threads (mask), (default: all threads)\n\
 --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1\n\
 --cpu-priority set process priority (0 idle, 2 normal to 5 highest)\n\
 --no-huge-pages disable huge pages support\n\
@@ -90,6 +90,7 @@ Options:\n"
 # ifndef XMRIG_NO_CC
 "\
 --cc-url=URL url of the CC Server\n\
+ --cc-use-tls turn on tls encryption for CC communication\
 --cc-access-token=T access token for CC Server\n\
 --cc-worker-id=ID custom worker-id for CC Server\n\
 --cc-update-interval-s status update interval in seconds (default: 10 min: 1)\n"
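Review bot: The added usage line `--cc-use-tls turn on tls encryption for CC communication\` ends in a bare backslash with no `\n`, so in the assembled usage string it runs straight into the `--cc-access-token=T` text on the following line. The three server-side lines added in the next hunk (`--cc-use-tls`, `--cc-cert-file=FILE`, `--cc-key-file`) end in ` \` and have the same defect. Each should end in `\n\` like its neighbours, e.g. `      --cc-use-tls         turn on tls encryption for CC communication\n\`. The `--cc-key-file` entry should also show its argument as `--cc-key-file=FILE`, matching `--cc-cert-file=FILE` and the required-argument `1` it is registered with in options[].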
@@ -101,7 +102,10 @@ Options:\n"
 --cc-user=USERNAME CC Server admin user\n\
 --cc-pass=PASSWORD CC Server admin pass\n\
 --cc-access-token=T CC Server access token for CC Client\n\
- --cc-port=N CC Server\n\
+ --cc-port=N CC Server port\n\
+ --cc-use-tls turn on tls encryption for CC communication \
+ --cc-cert-file=FILE when tls is turned on, use this to point to the right cert file (default: server.pem) \
+ --cc-key-file when tls is turned on, use this to point to the right key file (default: server.key) \
 --cc-client-config-folder=FOLDER Folder contains the client config files\n\
 --cc-custom-dashboard=FILE loads a custom dashboard and serve it to '/'\n"
 # endif
@@ -164,6 +168,9 @@ static struct option const options[] = {
 { "cc-pass", 1, nullptr, 4008 },
 { "cc-client-config-folder", 1, nullptr, 4009 },
 { "cc-custom-dashboard", 1, nullptr, 4010 },
+ { "cc-cert-file", 1, nullptr, 4014 },
+ { "cc-key-file", 1, nullptr, 4015 },
+ { "cc-use-tls", 1, nullptr, 4016 },
 { "daemonized", 0, nullptr, 4011 },
 { "doublehash-thread-mask", 1, nullptr, 4013 },
 { "multihash-thread-mask", 1, nullptr, 4013 },
@@ -231,6 +238,9 @@ static struct option const cc_server_options[] = {
 { "pass", 1, nullptr, 4008 },
 { "client-config-folder", 1, nullptr, 4009 },
 { "custom-dashboard", 1, nullptr, 4010 },
+ { "cert-file", 1, nullptr, 4014 },
+ { "key-file", 1, nullptr, 4015 },
+ { "use-tls", 1, nullptr, 4016 },
 { nullptr, 0, nullptr, 0 }
 };
@@ -269,8 +279,7 @@ Options::Options(int argc, char **argv) :
 m_safe(false),
 m_syslog(false),
 m_daemonized(false),
- m_useTls(true),
- m_ccUseTls(true),
+ m_ccUseTls(false),
 m_configFile(Platform::defaultConfigName()),
 m_apiToken(nullptr),
 m_apiWorkerId(nullptr),
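Review bot: `{ "cc-use-tls", 1, nullptr, 4016 },` in options[] and `{ "use-tls", 1, nullptr, 4016 },` in cc_server_options[] register the TLS switch with a required argument, yet the 4016 handler in the following hunk calls `parseBoolean(key, true)` without looking at `arg`, so a bare `--cc-use-tls` is rejected by getopt_long while `--cc-use-tls=false` enables TLS. A toggle should be registered like `daemonized`: `{ "cc-use-tls", 0, nullptr, 4016 },` and `{ "use-tls", 0, nullptr, 4016 },`. If the JSON loader picks parseArg versus parseBoolean from has_arg, as the other boolean entries suggest, the `"useTls"` keys added to the config files would be silently ignored with the current `1`; parseJSON is not in this diff, so that is worth confirming.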
@@ -484,6 +493,16 @@ bool Options::parseArg(int key, const char *arg)
 m_ccCustomDashboard = strdup(arg);
 break;
+ case 4014: /* --cc-cert-file */
+ free(m_ccCertFile);
+ m_ccCertFile = strdup(arg);
+ break;
+
+ case 4015: /* --cc-key-file */
+ free(m_ccKeyFile);
+ m_ccKeyFile = strdup(arg);
+ break;
+
 case 4011: /* --daemonized */
 m_daemonized = true;
 break;
@@ -515,6 +534,9 @@ bool Options::parseArg(int key, const char *arg)
 case 1009: /* --no-huge-pages */
 return parseBoolean(key, false);
+ case 4016: /* --use-tls */
+ return parseBoolean(key, true);
+
 case 't': /* --threads */
 if (strncmp(arg, "all", 3) == 0) {
 m_threads = Cpu::threads();
@@ -719,10 +741,15 @@ bool Options::parseBoolean(int key, bool enable)
 m_hugePages = enable;
 break;
- case 2000: /* colors */
+ case 2000: /* --colors */
 m_colors = enable;
 break;
+ case 4016: /* --use-tls */
+ m_pools.back()->setUseTls(enable);
+ m_ccUseTls = enable;
+ break;
+
 default:
 break;
 }
diff --git a/src/Options.h b/src/Options.h
index 40a8eea7..9e24c34e 100644
--- a/src/Options.h
+++ b/src/Options.h
@@ -69,7 +69,6 @@ public:
 inline bool hugePages() const { return m_hugePages; }
 inline bool syslog() const { return m_syslog; }
 inline bool daemonized() const { return m_daemonized; }
- inline bool useTls() const { return m_useTls; }
 inline bool ccUseTls() const { return m_ccUseTls; }
 inline const char *configFile() const { return m_configFile; }
 inline const char *apiToken() const { return m_apiToken; }
@@ -138,7 +137,6 @@ private:
 bool m_safe;
 bool m_syslog;
 bool m_daemonized;
- bool m_useTls;
 bool m_ccUseTls;
 const char* m_configFile;
 char *m_apiToken;
diff --git a/src/cc/CCClient.cpp b/src/cc/CCClient.cpp
index e0639525..2a8d776c 100644
--- a/src/cc/CCClient.cpp
+++ b/src/cc/CCClient.cpp
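Review bot: In parseBoolean, `case 4016` does `m_pools.back()->setUseTls(enable);` in addition to `m_ccUseTls = enable;`, so the CC-communication switch also flips TLS on whichever pool was parsed last (or on the pool still being filled if the flag precedes `-o`), and the pool-level `"useTls"` key added to config.json gets no parsing code of its own anywhere in this diff, so the two settings cannot be set independently. Keep 4016 to `m_ccUseTls = enable;` and give the pool setting its own option code that calls `setUseTls`. `m_pools.back()` also presumes `m_pools` is never empty at that point — presumably the constructor seeds one Url, but that is outside the hunk and worth confirming. The `/* --use-tls */` comments on both 4016 cases name an option that options[] does not define; `/* --cc-use-tls */` would match the table.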
@@ -262,13 +262,13 @@ std::shared_ptr CCClient::performRequest(const std::string& r
 {
 std::shared_ptr cli;
-# ifndef XMRIG_NO_SSL_TLS
+# ifndef XMRIG_NO_TLS
 if (m_self->m_options->ccUseTls()) {
 cli = std::make_shared(m_self->m_options->ccHost(), m_self->m_options->ccPort());
 } else {
 # endif
 cli = std::make_shared(m_self->m_options->ccHost(), m_self->m_options->ccPort());
-# ifndef XMRIG_NO_SSL_TLS
+# ifndef XMRIG_NO_TLS
 }
 # endif
diff --git a/src/cc/Httpd.cpp b/src/cc/Httpd.cpp
index ce996fad..d388fc43 100644
--- a/src/cc/Httpd.cpp
+++ b/src/cc/Httpd.cpp
@@ -45,7 +45,7 @@ bool Httpd::start()
 return false;
 }
-# ifndef XMRIG_NO_SSL_TLS
+# ifndef XMRIG_NO_TLS
 if (m_options->ccUseTls()) {
 m_keyPem = readFile(m_options->ccKeyFile());
@@ -67,7 +67,7 @@ bool Httpd::start()
 m_daemon = MHD_start_daemon(MHD_USE_SELECT_INTERNALLY, static_cast(m_options->ccPort()), nullptr, nullptr, &Httpd::handler, this, MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 10, MHD_OPTION_END);
-# ifndef XMRIG_NO_SSL_TLS
+# ifndef XMRIG_NO_TLS
 }
 # endif
diff --git a/src/config.json b/src/config.json
index 30c58b47..b2d57950 100644
--- a/src/config.json
+++ b/src/config.json
@@ -26,6 +26,7 @@
 "url": "", // URL of mining server
 "user": "", // username for mining server
 "pass": "x", // password for mining server
+ "useTls" : false, // use tls for pool communication (need pool support)
 "keepalive": true, // send keepalived for prevent timeout (need pool support)
 "nicehash": false // enable nicehash/xmrig-proxy support
 }
@@ -37,6 +38,7 @@
 },
 "cc-client": {
 "url": "localhost:3344", // url of the CC Server (ip:port)
+ "useTls" : false, // use tls for CC communication (needs to be enabled on CC Server too)
 "access-token": "mySecret", // access token for CC Server (has to be the same in config_cc.json)
 "worker-id": null, // custom worker-id for CC Server (otherwise hostname is used)
 "update-interval-s": 10 // status update interval in seconds (default: 10 min: 1)
diff --git a/src/config_cc.json b/src/config_cc.json
index 3315d83c..a459e5e0 100644
--- a/src/config_cc.json
+++ b/src/config_cc.json
@@ -5,6 +5,9 @@
 "syslog": false, // use system log for output messages
 "cc-server": {
 "port": 3344, // port the CC Server will listens on
+ "useTls" : false, // use tls for CC communication (needs to be enabled on miners too)
+ "cert-file" : "server.pem", // when tls is turned on, use this to point to the right cert file
+ "key-file" : "server.key", // when tls is turned on, use this to point to the right key file
 "access-token": "mySecret", // access token for CC Clients (should be set!!!)
 "user": "admin", // admin user for access CC Dashboard
 "pass": "pass", // admin pass for access CC Dashboard
diff --git a/src/default_config.json b/src/default_config.json
index 30c58b47..b2d57950 100644
--- a/src/default_config.json
+++ b/src/default_config.json
@@ -26,6 +26,7 @@
 "url": "", // URL of mining server
 "user": "", // username for mining server
 "pass": "x", // password for mining server
+ "useTls" : false, // use tls for pool communication (need pool support)
 "keepalive": true, // send keepalived for prevent timeout (need pool support)
 "nicehash": false // enable nicehash/xmrig-proxy support
 }
@@ -37,6 +38,7 @@
 },
 "cc-client": {
 "url": "localhost:3344", // url of the CC Server (ip:port)
+ "useTls" : false, // use tls for CC communication (needs to be enabled on CC Server too)
 "access-token": "mySecret", // access token for CC Server (has to be the same in config_cc.json)
 "worker-id": null, // custom worker-id for CC Server (otherwise hostname is used)
 "update-interval-s": 10 // status update interval in seconds (default: 10 min: 1)
diff --git a/src/net/Client.cpp b/src/net/Client.cpp
index 062997c3..45daf2f1 100644
--- a/src/net/Client.cpp
+++ b/src/net/Client.cpp
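Review bot: The new `"key-file" : "server.key"` entry names the CC Server's private key, but its comment only says it is used "when tls is turned on"; nothing tells the operator that the file is secret material. Suggest `"key-file" : "server.key", // when tls is turned on, path to the server's private key (keep it readable by the CC Server user only)` and, for `"cert-file"`, that it is the PEM certificate the server presents to CC Clients. Since `"useTls"` defaults to `false` here and in the cc-client section, its comment could also say that with TLS off the access-token and the admin user/pass cross the network in clear text. The relative defaults `server.pem`/`server.key` are presumably resolved against the working directory when Httpd::start reads them — worth stating, since the sample config is what most operators copy.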
@@ -268,8 +268,8 @@ void Client::connect()
 m_net->read_cb = Client::onRead;
 m_net->error_cb = Client::onError;
-#ifndef XMRIG_NO_SSL_TLS
- if (m_url.isTls()) {
+#ifndef XMRIG_NO_TLS
+ if (m_url.useTls()) {
 tls_ctx* tls_ctx = tls_ctx_new();
 net_set_tls(m_net, tls_ctx);
 }
diff --git a/src/net/Client.h b/src/net/Client.h
index 00a90055..363f0d1b 100644
--- a/src/net/Client.h
+++ b/src/net/Client.h
@@ -40,7 +40,7 @@ extern "C" {
 #include "net.h"
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 #include "tls.h"
 #endif
 }
diff --git a/src/net/Network.cpp b/src/net/Network.cpp
index af21d0ad..490da91f 100644
--- a/src/net/Network.cpp
+++ b/src/net/Network.cpp
@@ -56,7 +56,7 @@ Network::Network(const Options *options) :
 const std::vector &pools = options->pools();
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 ssl_init();
 #endif
@@ -80,7 +80,7 @@ Network::Network(const Options *options) :
 Network::~Network()
 {
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 ssl_destroy();
 #endif
 }
diff --git a/src/net/Url.cpp b/src/net/Url.cpp
index 3bfc92a3..c020d4f7 100644
--- a/src/net/Url.cpp
+++ b/src/net/Url.cpp
@@ -58,7 +58,7 @@ Url::Url() :
 * @param url
 */
 Url::Url(const char *url) :
- m_tls(false),
+ m_useTls(false),
 m_keepAlive(false),
 m_nicehash(false),
 m_host(nullptr),
@@ -70,8 +70,8 @@ Url::Url(const char *url) :
 }
-Url::Url(const char *host, uint16_t port, const char *user, const char *password, bool tls, bool keepAlive, bool nicehash) :
- m_tls(tls),
+Url::Url(const char *host, uint16_t port, const char *user, const char *password, bool useTls, bool keepAlive, bool nicehash) :
+ m_useTls(useTls),
 m_keepAlive(keepAlive),
 m_nicehash(nicehash),
 m_password(password ? strdup(password) : nullptr),
@@ -182,7 +182,7 @@ void Url::setUser(const char *user)
 Url &Url::operator=(const Url *other)
 {
- m_tls = other->m_tls;
+ m_useTls = other->m_useTls;
 m_keepAlive = other->m_keepAlive;
 m_nicehash = other->m_nicehash;
 m_port = other->m_port;
diff --git a/src/net/Url.h b/src/net/Url.h
index 92951900..6d4788c6 100644
--- a/src/net/Url.h
+++ b/src/net/Url.h
@@ -37,10 +37,10 @@ public:
 Url();
 Url(const char *url);
- Url(const char *host, uint16_t port, const char *user = nullptr, const char *password = nullptr, bool tls = false, bool keepAlive = false, bool nicehash = false );
+ Url(const char *host, uint16_t port, const char *user = nullptr, const char *password = nullptr, bool useTls = false, bool keepAlive = false, bool nicehash = false );
 ~Url();
- inline bool isTls() const { return m_tls; }
+ inline bool useTls() const { return m_useTls; }
 inline bool isKeepAlive() const { return m_keepAlive; }
 inline bool isNicehash() const { return m_nicehash; }
 inline bool isValid() const { return m_host && m_port > 0; }
@@ -48,7 +48,7 @@ public:
 inline const char *password() const { return m_password ? m_password : kDefaultPassword; }
 inline const char *user() const { return m_user ? m_user : kDefaultUser; }
 inline uint16_t port() const { return m_port; }
- inline void setTls(bool tls) { m_tls = tls; }
+ inline void setUseTls(bool tls) { m_useTls = tls; }
 inline void setKeepAlive(bool keepAlive) { m_keepAlive = keepAlive; }
 inline void setNicehash(bool nicehash) { m_nicehash = nicehash; }
@@ -61,7 +61,7 @@ public:
 Url &operator=(const Url *other);
 private:
- bool m_tls;
+ bool m_useTls;
 bool m_keepAlive;
 bool m_nicehash;
 char *m_host;
diff --git a/src/net/strategies/DonateStrategy.cpp b/src/net/strategies/DonateStrategy.cpp
index ad64a8e5..4c5555ce 100644
--- a/src/net/strategies/DonateStrategy.cpp
+++ b/src/net/strategies/DonateStrategy.cpp
@@ -49,7 +49,7 @@ DonateStrategy::DonateStrategy(const char *agent, IStrategyListener *listener) :
 keccak(reinterpret_cast(user), static_cast(strlen(user)), hash, sizeof(hash));
 Job::toHex(hash, 32, userId);
-#ifndef XMRIG_NO_SSL_TLS
+#ifndef XMRIG_NO_TLS
 Url *url = new Url("donate.graef.in", Options::i()->algo() == Options::ALGO_CRYPTONIGHT_LITE ? 8080 : 8081, userId, nullptr, true, false, true);
 #else
 Url *url = new Url("donate.graef.in", Options::i()->algo() == Options::ALGO_CRYPTONIGHT_LITE ? 80 : 443, userId, nullptr, false, false, true);