Conversation
1ma
force-pushed
the
stratum_auth
branch
2 times, most recently
from
a88329f to
9fc8abf
Compare
| password = json_array_get(params_obj, 1); | ||
| password_s = json_string_value(password); |
There was a problem hiding this comment.
| password = json_array_get(params_obj, 1); | |
| password_s = json_string_value(password); | |
| password_s = json_string_value(json_array_get(params_obj, 1)); |
| // do not send jobs to unauthorized clients | ||
| if (!m->authorized) { | ||
| // give unauthorized clients a bit of grace period to get authorization | ||
| usleep(1000000); |
There was a problem hiding this comment.
This will delay other clients too!
|
I started working on this because I wanted to expose my DATUM gateway to the internet and felt a bit uneasy (and also for completeness sake of the Sv1 protocol and to learn a bit about the DATUM codebase). However once it dawned on me that Sv1 is an unauthenticated plaintext protocol I didn't see the point of password authentication anymore. For my use case it's much more robust to run with If this sort of thing where to be seriously attempted it should be a BIP-310 extension and the mining rig would need to take a shared secret in the config to do HMAC authentication of JSON-RPC messages, or a public key to be able to do proper DH key exchange with the Sv1 server and fully encrypt the session. But both of these require updates in mining firmware, so I don't think it's in scope of the DATUM gateway. |
2 participants
Implements #138
TODO: Act on the value ofT_DATUM_MINER_DATA.authorizedwherever it needs to be taken into account (not sure yet, currently it's not used anywhere).Clients are now kicked after an unsuccessful authentication attempt, and when we send them work if they're not authenticated already (I think this could happen if the client simply sends a
mining.subscribeand then fails to send amining.authorize).