#include "raop.h"
#include "raop_rtp.h"
#include "rsakey.h"
+#include "digest.h"
#include "httpd.h"
#include "sdp.h"
/* Actually 345 bytes for 2048-bit key */
#define MAX_SIGNATURE_LEN 512
+/* Let's just decide on some length */
+#define MAX_PASSWORD_LEN 64
+
+/* MD5 as hex fits here */
+#define MAX_NONCE_LEN 32
+
struct raop_s {
/* Callbacks for audio */
raop_callbacks_t callbacks;
/* Hardware address information */
unsigned char hwaddr[MAX_HWADDR_LEN];
int hwaddrlen;
+
+ /* Password information */
+ char password[MAX_PASSWORD_LEN+1];
};
struct raop_conn_s {
unsigned char *remote;
int remotelen;
+
+ char nonce[MAX_NONCE_LEN+1];
};
typedef struct raop_conn_s raop_conn_t;
conn->locallen = locallen;
conn->remotelen = remotelen;
+
+ digest_generate_nonce(conn->nonce, sizeof(conn->nonce));
return conn;
}
const char *method;
const char *cseq;
const char *challenge;
+ int require_auth = 0;
method = http_request_get_method(request);
cseq = http_request_get_header(request, "CSeq");
}
res = http_response_init("RTSP/1.0", 200, "OK");
+ if (strlen(raop->password)) {
+ const char *authorization;
+
+ authorization = http_request_get_header(request, "Authorization");
+ if (authorization) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Our nonce: %s\n", conn->nonce);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s\n", authorization);
+ }
+ if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, http_request_get_url(request), authorization)) {
+ char *authstr;
+ int authstrlen;
+
+ /* Allocate the authenticate string */
+ authstrlen = sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce) + 1;
+ authstr = malloc(authstrlen);
+
+ /* Concatenate the authenticate string */
+ memset(authstr, 0, authstrlen);
+ strcat(authstr, "Digest realm=\"AppleTV\", nonce=\"");
+ strcat(authstr, conn->nonce);
+ strcat(authstr, "\"");
+
+ /* Construct a new response */
+ require_auth = 1;
+ http_response_destroy(res);
+ res = http_response_init("RTSP/1.0", 401, "Unauthorized");
+ http_response_add_header(res, "WWW-Authenticate", authstr);
+ free(authstr);
+ } else {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "AUTHENTICATION SUCCESS!\n");
+ }
+ }
+
http_response_add_header(res, "CSeq", cseq);
http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog");
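Review bot: `authstr = malloc(authstrlen);` is used without a NULL check, so an allocation failure reaches `memset(authstr, 0, authstrlen)` with a null pointer on a path any unauthenticated client can trigger. The header has a fixed upper bound, so a stack buffer removes the allocation and the three `strcat` calls: `char authstr[sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce)];` filled by `snprintf(authstr, sizeof(authstr), "Digest realm=\"AppleTV\", nonce=\"%s\"", conn->nonce);`, with the `free(authstr)` dropped. The two debug lines also write the nonce and the client's whole `Authorization` header to the log; logging only whether the header was present would be enough for troubleshooting. `digest_is_valid` receives `authorization` even when it is NULL, which is safe only if that function, not shown here, rejects a NULL argument. The enclosing request handler starts and ends outside this hunk.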
logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s\n", challenge);
logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s\n", signature);
}
- if (!strcmp(method, "OPTIONS")) {
+
+ if (require_auth) {
+ /* Do nothing in case of authentication request */
+ } else if (!strcmp(method, "OPTIONS")) {
http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER");
} else if (!strcmp(method, "ANNOUNCE")) {
const char *data;
data = http_request_get_data(request, &datalen);
if (data) {
- sdp_t *sdp = sdp_init(data, datalen);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", sdp_get_rsaaeskey(sdp));
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", sdp_get_aesiv(sdp));
-
- aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey),
- sdp_get_rsaaeskey(sdp));
- aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv),
- sdp_get_aesiv(sdp));
+ sdp_t *sdp;
+ const char *remotestr, *fmtpstr, *aeskeystr, *aesivstr;
+
+ sdp = sdp_init(data, datalen);
+ remotestr = sdp_get_connection(sdp);
+ fmtpstr = sdp_get_fmtp(sdp);
+ aeskeystr = sdp_get_rsaaeskey(sdp);
+ aesivstr = sdp_get_aesiv(sdp);
+
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "connection: %s\n", remotestr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "fmtp: %s\n", fmtpstr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", aeskeystr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", aesivstr);
+
+ aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr);
+ aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr);
logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d\n", aeskeylen);
logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d\n", aesivlen);
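Review bot: `remotestr`, `fmtpstr`, `aeskeystr` and `aesivstr` come from client-supplied SDP and are passed to `logger_log` with `%s` and on to `rsakey_decrypt` / `rsakey_parseiv` without a NULL check. If the `sdp_get_*` accessors return NULL for a missing attribute (their implementation is not shown), an ANNOUNCE that omits one of them makes the format call undefined behaviour. A guard before the log lines, such as `if (!remotestr || !fmtpstr || !aeskeystr || !aesivstr)` followed by `sdp_destroy(sdp)` and an error response, would cover it. The connection address from the SDP is also chosen by the client, so if `raop_rtp_init` later uses it as a packet destination it should be compared with the peer address already held in `conn->remote`. The ANNOUNCE branch continues outside this hunk.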
raop_rtp_destroy(conn->raop_rtp);
conn->raop_rtp = NULL;
}
- conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, sdp_get_fmtp(sdp), aeskey, aesiv);
+ conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, remotestr, fmtpstr, aeskey, aesiv);
sdp_destroy(sdp);
}
} else if (!strcmp(method, "SETUP")) {
+ unsigned short remote_cport=0, remote_tport=0;
unsigned short cport=0, tport=0, dport=0;
const char *transport;
char buffer[1024];
logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s\n", transport);
use_udp = strncmp(transport, "RTP/AVP/TCP", 11);
-
- /* FIXME: Should use the parsed ports for resend */
- raop_rtp_start(conn->raop_rtp, use_udp, 1234, 1234, &cport, &tport, &dport);
+ if (use_udp) {
+ char *original, *current, *tmpstr;
+
+ current = original = strdup(transport);
+ if (original) {
+ while ((tmpstr = utils_strsep(¤t, ";")) != NULL) {
+ unsigned short value;
+ int ret;
+
+ ret = sscanf(tmpstr, "control_port=%hu", &value);
+ if (ret == 1) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu\n", value);
+ remote_cport = value;
+ }
+ ret = sscanf(tmpstr, "timing_port=%hu", &value);
+ if (ret == 1) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu\n", value);
+ remote_tport = value;
+ }
+ }
+ }
+ free(original);
+ }
+ raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport);
memset(buffer, 0, sizeof(buffer));
if (use_udp) {
snprintf(buffer, sizeof(buffer)-1,
- "RTP/AVP/UDP;unicast;mode=record;timing_port=%u;events;control_port=%u;server_port=%u",
+ "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu",
tport, cport, dport);
} else {
snprintf(buffer, sizeof(buffer)-1,
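Review bot: The ports read with `sscanf(tmpstr, "control_port=%hu", &value)` and its `timing_port` twin are client-controlled and go unchanged into `raop_rtp_start`. `%hu` has no defined result for a number that does not fit in an unsigned short, and a Transport header without these fields leaves both ports at 0. Parsing with `strtoul` and accepting only 1–65535, as sketched below, makes both cases explicit; the caller can then refuse the SETUP when a port is still 0 instead of starting RTP with it. `transport` is used in `strncmp` and `strdup` with no visible NULL check, and its assignment lies outside this hunk, so confirm that a request without a Transport header is rejected earlier. The `¤t` in the `utils_strsep` call looks like an encoding artifact of `&current` on this page rather than something in the commit.

```c
while ((tmpstr = utils_strsep(&current, ";")) != NULL) {
	unsigned short *target = NULL;
	const char *digits = NULL;
	unsigned long parsed;
	char *end;

	if (!strncmp(tmpstr, "control_port=", 13)) {
		target = &remote_cport;
		digits = tmpstr + 13;
	} else if (!strncmp(tmpstr, "timing_port=", 12)) {
		target = &remote_tport;
		digits = tmpstr + 12;
	}
	if (!target) {
		continue;
	}

	/* strtoul saturates at ULONG_MAX on overflow, so the range test also catches it */
	parsed = strtoul(digits, &end, 10);
	if (end == digits || *end != '\0' || parsed == 0 || parsed > 65535) {
		logger_log(&conn->raop->logger, LOGGER_INFO, "Ignoring invalid port in Transport header\n");
		continue;
	}
	*target = (unsigned short) parsed;
	/* … unchanged: debug log of the parsed port … */
}
```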
}
int
-raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen)
+raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password)
{
assert(raop);
assert(port);
return -1;
}
+ memset(raop->password, 0, sizeof(raop->password));
+ if (password) {
+ /* Validate password */
+ if (strlen(password) > MAX_PASSWORD_LEN) {
+ return -1;
+ }
+
+ /* Copy password to the raop structure */
+ strncpy(raop->password, password, MAX_PASSWORD_LEN);
+ }
+
/* Copy hwaddr to the raop structure */
memcpy(raop->hwaddr, hwaddr, hwaddrlen);
raop->hwaddrlen = hwaddrlen;
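Review bot: An empty string passed as `password` is accepted here, and it silently turns authentication off exactly as NULL does, because the request handler runs the digest check only when `strlen(raop->password)` is non-zero. That contract belongs on the new parameter, for example `/* password: NULL or "" disables authentication; longer than MAX_PASSWORD_LEN fails with -1 */`, or `""` could be rejected with `-1` if it is more likely a configuration mistake than a choice. The `strncpy` result is terminated only because of the `memset` a few lines above it, so a short comment saying so would keep a later edit from removing that line. `raop_start` begins and continues outside this hunk.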