#include "raop.h"
#include "raop_rtp.h"
#include "rsakey.h"
+#include "digest.h"
#include "httpd.h"
#include "sdp.h"
/* Actually 345 bytes for 2048-bit key */
#define MAX_SIGNATURE_LEN 512
+/* Let's just decide on some length */
+#define MAX_PASSWORD_LEN 64
+
+/* MD5 as hex fits here */
+#define MAX_NONCE_LEN 32
+
struct raop_s {
/* Callbacks for audio */
raop_callbacks_t callbacks;
/* Hardware address information */
unsigned char hwaddr[MAX_HWADDR_LEN];
int hwaddrlen;
+
+ /* Password information */
+ char password[MAX_PASSWORD_LEN+1];
};
struct raop_conn_s {
unsigned char *remote;
int remotelen;
+
+ char nonce[MAX_NONCE_LEN+1];
};
typedef struct raop_conn_s raop_conn_t;
if (locallen == 4) {
logger_log(&conn->raop->logger, LOGGER_INFO,
- "Local: %d.%d.%d.%d\n",
+ "Local: %d.%d.%d.%d",
local[0], local[1], local[2], local[3]);
} else if (locallen == 16) {
logger_log(&conn->raop->logger, LOGGER_INFO,
- "Local: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
+ "Local: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
local[0], local[1], local[2], local[3], local[4], local[5], local[6], local[7],
local[8], local[9], local[10], local[11], local[12], local[13], local[14], local[15]);
}
if (remotelen == 4) {
logger_log(&conn->raop->logger, LOGGER_INFO,
- "Remote: %d.%d.%d.%d\n",
+ "Remote: %d.%d.%d.%d",
remote[0], remote[1], remote[2], remote[3]);
} else if (remotelen == 16) {
logger_log(&conn->raop->logger, LOGGER_INFO,
- "Remote: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
+ "Remote: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
remote[0], remote[1], remote[2], remote[3], remote[4], remote[5], remote[6], remote[7],
remote[8], remote[9], remote[10], remote[11], remote[12], remote[13], remote[14], remote[15]);
}
conn->locallen = locallen;
conn->remotelen = remotelen;
+
+ digest_generate_nonce(conn->nonce, sizeof(conn->nonce));
return conn;
}
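Review bot: `conn->nonce` is filled once at connection setup and, as far as this diff shows, never regenerated, so the digest challenge stays the same for the whole connection. Its strength rests entirely on `digest_generate_nonce`, whose implementation is not part of this file. It would help to state the requirement at the call site, e.g. `/* Per-connection digest nonce: must be unpredictable and must not repeat across connections */`, and to confirm the generator draws from an OS random source rather than the clock or `rand()`. The function body starts outside the hunk.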
const char *method;
const char *cseq;
const char *challenge;
+ int require_auth = 0;
method = http_request_get_method(request);
cseq = http_request_get_header(request, "CSeq");
}
res = http_response_init("RTSP/1.0", 200, "OK");
+ if (strlen(raop->password)) {
+ const char *authorization;
+
+ authorization = http_request_get_header(request, "Authorization");
+ if (authorization) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Our nonce: %s", conn->nonce);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s", authorization);
+ }
+ if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, http_request_get_url(request), authorization)) {
+ char *authstr;
+ int authstrlen;
+
+ /* Allocate the authenticate string */
+ authstrlen = sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce) + 1;
+ authstr = malloc(authstrlen);
+
+ /* Concatenate the authenticate string */
+ memset(authstr, 0, authstrlen);
+ strcat(authstr, "Digest realm=\"AppleTV\", nonce=\"");
+ strcat(authstr, conn->nonce);
+ strcat(authstr, "\"");
+
+ /* Construct a new response */
+ require_auth = 1;
+ http_response_destroy(res);
+ res = http_response_init("RTSP/1.0", 401, "Unauthorized");
+ http_response_add_header(res, "WWW-Authenticate", authstr);
+ free(authstr);
+ } else {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "AUTHENTICATION SUCCESS!");
+ }
+ }
+
http_response_add_header(res, "CSeq", cseq);
http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog");
challenge = http_request_get_header(request, "Apple-Challenge");
- if (challenge) {
+ if (!require_auth && challenge) {
char signature[MAX_SIGNATURE_LEN];
memset(signature, 0, sizeof(signature));
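Review bot: The result of `malloc(authstrlen)` goes straight into `memset` and `strcat`, so an allocation failure dereferences NULL on a path that any unauthenticated client can reach. The length is fixed at compile time, so a stack buffer removes the allocation and the `free`: `char authstr[sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce)];` filled with `snprintf(authstr, sizeof(authstr), "Digest realm=\"AppleTV\", nonce=\"%s\"", conn->nonce);`. Separately, the two debug lines log the nonce together with the client's full Authorization header, which is enough material for offline password guessing if debug logs are retained. Consider logging only whether the header was present. The enclosing function starts and ends outside the hunk.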
conn->local, conn->locallen, raop->hwaddr, raop->hwaddrlen);
http_response_add_header(res, "Apple-Response", signature);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s\n", challenge);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s\n", signature);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s", challenge);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s", signature);
}
- if (!strcmp(method, "OPTIONS")) {
+
+ if (require_auth) {
+ /* Do nothing in case of authentication request */
+ } else if (!strcmp(method, "OPTIONS")) {
http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER");
} else if (!strcmp(method, "ANNOUNCE")) {
const char *data;
data = http_request_get_data(request, &datalen);
if (data) {
- sdp_t *sdp = sdp_init(data, datalen);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", sdp_get_rsaaeskey(sdp));
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", sdp_get_aesiv(sdp));
+ sdp_t *sdp;
+ const char *remotestr, *fmtpstr, *aeskeystr, *aesivstr;
+
+ sdp = sdp_init(data, datalen);
+ remotestr = sdp_get_connection(sdp);
+ fmtpstr = sdp_get_fmtp(sdp);
+ aeskeystr = sdp_get_rsaaeskey(sdp);
+ aesivstr = sdp_get_aesiv(sdp);
+
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "connection: %s", remotestr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "fmtp: %s", fmtpstr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s", aeskeystr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s", aesivstr);
- aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey),
- sdp_get_rsaaeskey(sdp));
- aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv),
- sdp_get_aesiv(sdp));
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d\n", aeskeylen);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d\n", aesivlen);
+ aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr);
+ aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d", aeskeylen);
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d", aesivlen);
if (conn->raop_rtp) {
/* This should never happen */
raop_rtp_destroy(conn->raop_rtp);
conn->raop_rtp = NULL;
}
- conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, sdp_get_fmtp(sdp), aeskey, aesiv);
+ conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, remotestr, fmtpstr, aeskey, aesiv);
sdp_destroy(sdp);
}
} else if (!strcmp(method, "SETUP")) {
+ unsigned short remote_cport=0, remote_tport=0;
unsigned short cport=0, tport=0, dport=0;
const char *transport;
char buffer[1024];
transport = http_request_get_header(request, "Transport");
assert(transport);
- logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s\n", transport);
+ logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s", transport);
use_udp = strncmp(transport, "RTP/AVP/TCP", 11);
-
- /* FIXME: Should use the parsed ports for resend */
- raop_rtp_start(conn->raop_rtp, use_udp, 1234, 1234, &cport, &tport, &dport);
+ if (use_udp) {
+ char *original, *current, *tmpstr;
+
+ current = original = strdup(transport);
+ if (original) {
+ while ((tmpstr = utils_strsep(¤t, ";")) != NULL) {
+ unsigned short value;
+ int ret;
+
+ ret = sscanf(tmpstr, "control_port=%hu", &value);
+ if (ret == 1) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu", value);
+ remote_cport = value;
+ }
+ ret = sscanf(tmpstr, "timing_port=%hu", &value);
+ if (ret == 1) {
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu", value);
+ remote_tport = value;
+ }
+ }
+ }
+ free(original);
+ }
+ raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport);
memset(buffer, 0, sizeof(buffer));
if (use_udp) {
snprintf(buffer, sizeof(buffer)-1,
- "RTP/AVP/UDP;unicast;mode=record;timing_port=%u;events;control_port=%u;server_port=%u",
+ "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu",
tport, cport, dport);
} else {
snprintf(buffer, sizeof(buffer)-1,
"RTP/AVP/TCP;unicast;interleaved=0-1;mode=record;server_port=%u",
dport);
}
- logger_log(&conn->raop->logger, LOGGER_INFO, "Responding with %s\n", buffer);
+ logger_log(&conn->raop->logger, LOGGER_INFO, "Responding with %s", buffer);
http_response_add_header(res, "Transport", buffer);
http_response_add_header(res, "Session", "DEADBEEF");
} else if (!strcmp(method, "SET_PARAMETER")) {
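Review bot: The `control_port=` and `timing_port=` values in the SETUP branch come straight from the client's Transport header and reach `raop_rtp_start` unchecked. `sscanf` with `%hu` has undefined behaviour when the number does not fit in an unsigned short, it accepts trailing garbage, and both ports silently stay 0 when the fields are missing or `strdup` fails. Parsing with `strtoul` and rejecting anything outside 1–65535 makes the accepted range explicit, as sketched below. In the ANNOUNCE branch the address handed to `raop_rtp_init` is now the SDP connection string, which the client also controls and which may be NULL; if it is later used as a send target, it should be checked against `conn->remote` from the socket. The enclosing function starts and ends outside the hunk.

```c
while ((tmpstr = utils_strsep(&current, ";")) != NULL) {
	unsigned short *target = NULL;
	const char *digits = NULL;
	unsigned long value;
	char *end;

	if (!strncmp(tmpstr, "control_port=", 13)) {
		target = &remote_cport;
		digits = tmpstr + 13;
	} else if (!strncmp(tmpstr, "timing_port=", 12)) {
		target = &remote_tport;
		digits = tmpstr + 12;
	}
	if (!target) {
		continue;
	}

	value = strtoul(digits, &end, 10);
	if (end == digits || *end != '\0' || value == 0 || value > 65535) {
		logger_log(&conn->raop->logger, LOGGER_INFO, "Ignoring invalid port in Transport header");
		continue;
	}
	/* … unchanged: debug log of the accepted port … */
	*target = (unsigned short) value;
}
```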
memcpy(datastr, data, datalen);
if (!strncmp(datastr, "volume: ", 8)) {
float vol = 0.0;
- sscanf(data+8, "%f", &vol);
+ sscanf(datastr+8, "%f", &vol);
raop_rtp_set_volume(conn->raop_rtp, vol);
}
}
+ free(datastr);
} else if (!strcmp(method, "FLUSH")) {
const char *rtpinfo;
int next_seq = -1;
rtpinfo = http_request_get_header(request, "RTP-Info");
if (rtpinfo) {
- logger_log(&conn->raop->logger, LOGGER_INFO, "Flush with RTP-Info: %s\n", rtpinfo);
+ logger_log(&conn->raop->logger, LOGGER_INFO, "Flush with RTP-Info: %s", rtpinfo);
if (!strncmp(rtpinfo, "seq=", 4)) {
next_seq = strtol(rtpinfo+4, NULL, 10);
}
}
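Review bot: The return value of `sscanf(datastr+8, "%f", &vol)` is ignored, so a `volume:` parameter with no parsable number still calls `raop_rtp_set_volume` with 0.0, and `%f` also accepts `inf` and `nan` from the client. Guard the call, for example `if (sscanf(datastr+8, "%f", &vol) == 1 && isfinite(vol)) raop_rtp_set_volume(conn->raop_rtp, vol);` (`isfinite` needs `<math.h>`). Whether the value should also be clamped depends on what the volume callback expects, which is not visible here. The allocation of `datastr` and the start of this branch lie outside the hunk.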
http_response_finish(res, NULL, 0);
- logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got request %s with URL %s\n", method, http_request_get_url(request));
+ logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got request %s with URL %s", method, http_request_get_url(request));
*response = res;
}
}
int
-raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen)
+raop_is_running(raop_t *raop)
+{
+ assert(raop);
+
+ return httpd_is_running(raop->httpd);
+}
+
+int
+raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password)
{
assert(raop);
assert(port);
return -1;
}
+ memset(raop->password, 0, sizeof(raop->password));
+ if (password) {
+ /* Validate password */
+ if (strlen(password) > MAX_PASSWORD_LEN) {
+ return -1;
+ }
+
+ /* Copy password to the raop structure */
+ strncpy(raop->password, password, MAX_PASSWORD_LEN);
+ }
+
/* Copy hwaddr to the raop structure */
memcpy(raop->hwaddr, hwaddr, hwaddrlen);
raop->hwaddrlen = hwaddrlen;