X-Git-Url: https://git.piment-noir.org/?a=blobdiff_plain;f=src%2Flib%2Fraop.c;h=9aafe65b18ef654e01303b7060e96629862cbae3;hb=a68fedbb434cf90caea9b83d7690e5465d1272df;hp=0a18391f77ba7e1b6e13dd6a7d5254dda2e44b83;hpb=406e97773573c7f8b4d019025e2694b914aca830;p=deb_shairplay.git

diff --git a/src/lib/raop.c b/src/lib/raop.c
index 0a18391..9aafe65 100644
--- a/src/lib/raop.c
+++ b/src/lib/raop.c
@@ -20,6 +20,7 @@
 #include "raop.h"
 #include "raop_rtp.h"
 #include "rsakey.h"
+#include "digest.h"
 #include "httpd.h"
 #include "sdp.h"
 
@@ -31,6 +32,12 @@
 /* Actually 345 bytes for 2048-bit key */
 #define MAX_SIGNATURE_LEN 512
 
+/* Let's just decide on some length */
+#define MAX_PASSWORD_LEN 64
+
+/* MD5 as hex fits here */
+#define MAX_NONCE_LEN 33
+
 struct raop_s {
 	/* Callbacks for audio */
 	raop_callbacks_t callbacks;
@@ -45,6 +52,9 @@ struct raop_s {
 	/* Hardware address information */
 	unsigned char hwaddr[MAX_HWADDR_LEN];
 	int hwaddrlen;
+
+	/* Password information */
+	char password[MAX_PASSWORD_LEN+1];
 };
 
 struct raop_conn_s {
@@ -56,6 +66,8 @@ struct raop_conn_s {
 
 	unsigned char *remote;
 	int remotelen;
+
+	char nonce[MAX_NONCE_LEN+1];
 };
 typedef struct raop_conn_s raop_conn_t;
 
@@ -63,7 +75,6 @@ static void *
 conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remote, int remotelen)
 {
 	raop_conn_t *conn;
-	int i;
 
 	conn = calloc(1, sizeof(raop_conn_t));
 	if (!conn) {
@@ -72,16 +83,26 @@ conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remot
 	conn->raop = opaque;
 	conn->raop_rtp = NULL;
 
-	logger_log(&conn->raop->logger, LOGGER_INFO, "Local: ");
-	for (i=0; i<locallen; i++) {
-		logger_log(&conn->raop->logger, LOGGER_INFO, "%02x", local[i]);
+	if (locallen == 4) {
+		logger_log(&conn->raop->logger, LOGGER_INFO,
+		           "Local: %d.%d.%d.%d\n",
+		           local[0], local[1], local[2], local[3]);
+	} else if (locallen == 16) {
+		logger_log(&conn->raop->logger, LOGGER_INFO,
+		           "Local: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
+		           local[0], local[1], local[2], local[3], local[4], local[5], local[6], local[7],
+		           local[8], local[9], local[10], local[11], local[12], local[13], local[14], local[15]);
 	}
-	logger_log(&conn->raop->logger, LOGGER_INFO, "\n");
-	logger_log(&conn->raop->logger, LOGGER_INFO, "Remote: ");
-	for (i=0; i<remotelen; i++) {
-		logger_log(&conn->raop->logger, LOGGER_INFO, "%02x", remote[i]);
+	if (remotelen == 4) {
+		logger_log(&conn->raop->logger, LOGGER_INFO,
+		           "Remote: %d.%d.%d.%d\n",
+		           remote[0], remote[1], remote[2], remote[3]);
+	} else if (remotelen == 16) {
+		logger_log(&conn->raop->logger, LOGGER_INFO,
+		           "Remote: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
+		           remote[0], remote[1], remote[2], remote[3], remote[4], remote[5], remote[6], remote[7],
+		           remote[8], remote[9], remote[10], remote[11], remote[12], remote[13], remote[14], remote[15]);
 	}
-	logger_log(&conn->raop->logger, LOGGER_INFO, "\n");
 
 	conn->local = malloc(locallen);
 	assert(conn->local);
@@ -93,6 +114,8 @@ conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remot
 
 	conn->locallen = locallen;
 	conn->remotelen = remotelen;
+
+	digest_generate_nonce(conn->nonce, sizeof(conn->nonce));
 	return conn;
 }
 
@@ -106,6 +129,7 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 	const char *method;
 	const char *cseq;
 	const char *challenge;
+	int require_auth = 0;
 
 	method = http_request_get_method(request);
 	cseq = http_request_get_header(request, "CSeq");
@@ -114,6 +138,38 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 	}
 
 	res = http_response_init("RTSP/1.0", 200, "OK");
+	if (strlen(raop->password)) {
+		const char *authorization;
+
+		authorization = http_request_get_header(request, "Authorization");
+		if (authorization) {
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s\n", authorization);
+		}
+		if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, authorization)) {
+			char *authstr;
+			int authstrlen;
+
+			/* Allocate the authenticate string */
+			authstrlen = sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce) + 1;
+			authstr = malloc(authstrlen);
+
+			/* Concatenate the authenticate string */
+			memset(authstr, 0, authstrlen);
+			strcat(authstr, "Digest realm=\"AppleTV\", nonce=\"");
+			strcat(authstr, conn->nonce);
+			strcat(authstr, "\"");
+
+			/* Construct a new response */
+			require_auth = 1;
+			http_response_destroy(res);
+			res = http_response_init("RTSP/1.0", 401, "Unauthorized");
+			http_response_add_header(res, "WWW-Authenticate", authstr);
+			free(authstr);
+		} else {
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "AUTHENTICATION SUCCESS!\n");
+		}
+	}
+
 	http_response_add_header(res, "CSeq", cseq);
 	http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog");
 
@@ -124,10 +180,15 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 		memset(signature, 0, sizeof(signature));
 		rsakey_sign(raop->rsakey, signature, sizeof(signature), challenge,
 		            conn->local, conn->locallen, raop->hwaddr, raop->hwaddrlen);
-		logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got signature: %s\n", signature);
 		http_response_add_header(res, "Apple-Response", signature);
+
+		logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s\n", challenge);
+		logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s\n", signature);
 	}
-	if (!strcmp(method, "OPTIONS")) {
+
+	if (require_auth) {
+		/* Do nothing in case of authentication request */
+	} else if (!strcmp(method, "OPTIONS")) {
 		http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER");
 	} else if (!strcmp(method, "ANNOUNCE")) {
 		const char *data;
@@ -139,21 +200,35 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 
 		data = http_request_get_data(request, &datalen);
 		if (data) {
-			sdp_t *sdp = sdp_init(data, datalen);
-			logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", sdp_get_rsaaeskey(sdp));
-			logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", sdp_get_aesiv(sdp));
-
-			aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey),
-			                           sdp_get_rsaaeskey(sdp));
-			aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv),
-			                          sdp_get_aesiv(sdp));
+			sdp_t *sdp;
+			const char *remotestr, *fmtpstr, *aeskeystr, *aesivstr;
+
+			sdp = sdp_init(data, datalen);
+			remotestr = sdp_get_connection(sdp);
+			fmtpstr = sdp_get_fmtp(sdp);
+			aeskeystr = sdp_get_rsaaeskey(sdp);
+			aesivstr = sdp_get_aesiv(sdp);
+
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "connection: %s\n", remotestr);
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "fmtp: %s\n", fmtpstr);
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", aeskeystr);
+			logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", aesivstr);
+
+			aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr);
+			aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr);
 			logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d\n", aeskeylen);
 			logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d\n", aesivlen);
 
-			conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, sdp_get_fmtp(sdp), aeskey, aesiv);
+			if (conn->raop_rtp) {
+				/* This should never happen */
+				raop_rtp_destroy(conn->raop_rtp);
+				conn->raop_rtp = NULL;
+			}
+			conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, remotestr, fmtpstr, aeskey, aesiv);
 			sdp_destroy(sdp);
 		}
 	} else if (!strcmp(method, "SETUP")) {
+		unsigned short remote_cport=0, remote_tport=0;
 		unsigned short cport=0, tport=0, dport=0;
 		const char *transport;
 		char buffer[1024];
@@ -164,14 +239,35 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 
 		logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s\n", transport);
 		use_udp = strncmp(transport, "RTP/AVP/TCP", 11);
-
-		/* FIXME: Should use the parsed ports for resend */
-		raop_rtp_start(conn->raop_rtp, use_udp, 1234, 1234, &cport, &tport, &dport);
+		if (use_udp) {
+			char *original, *current, *tmpstr;
+
+			current = original = strdup(transport);
+			if (original) {
+				while ((tmpstr = utils_strsep(&current, ";")) != NULL) {
+					unsigned short value;
+					int ret;
+
+					ret = sscanf(tmpstr, "control_port=%hu", &value);
+					if (ret == 1) {
+						logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu\n", value);
+						remote_cport = value;
+					}
+					ret = sscanf(tmpstr, "timing_port=%hu", &value);
+					if (ret == 1) {
+						logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu\n", value);
+						remote_tport = value;
+					}
+				}
+			}
+			free(original);
+		}
+		raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport);
 
 		memset(buffer, 0, sizeof(buffer));
 		if (use_udp) {
 			snprintf(buffer, sizeof(buffer)-1,
-			         "RTP/AVP/UDP;unicast;mode=record;timing_port=%u;events;control_port=%u;server_port=%u",
+			         "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu",
 			         tport, cport, dport);
 		} else {
 			snprintf(buffer, sizeof(buffer)-1,
@@ -188,7 +284,7 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 
 		data = http_request_get_data(request, &datalen);
 		datastr = calloc(1, datalen+1);
-		if (datastr) {
+		if (data && datastr && conn->raop_rtp) {
 			memcpy(datastr, data, datalen);
 			if (!strncmp(datastr, "volume: ", 8)) {
 				float vol = 0.0;
@@ -201,18 +297,23 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response)
 		int next_seq = -1;
 
 		rtpinfo = http_request_get_header(request, "RTP-Info");
-		assert(rtpinfo);
-
-		logger_log(&conn->raop->logger, LOGGER_INFO, "RTP-Info: %s\n", rtpinfo);
-		if (!strncmp(rtpinfo, "seq=", 4)) {
-			next_seq = strtol(rtpinfo+4, NULL, 10);
+		if (rtpinfo) {
+			logger_log(&conn->raop->logger, LOGGER_INFO, "Flush with RTP-Info: %s\n", rtpinfo);
+			if (!strncmp(rtpinfo, "seq=", 4)) {
+				next_seq = strtol(rtpinfo+4, NULL, 10);
+			}
+		}
+		if (conn->raop_rtp) {
+			raop_rtp_flush(conn->raop_rtp, next_seq);
 		}
-		raop_rtp_flush(conn->raop_rtp, next_seq);
 	} else if (!strcmp(method, "TEARDOWN")) {
 		http_response_add_header(res, "Connection", "close");
-		raop_rtp_stop(conn->raop_rtp);
-		raop_rtp_destroy(conn->raop_rtp);
-		conn->raop_rtp = NULL;
+		if (conn->raop_rtp) {
+			/* Destroy our RTP session */
+			raop_rtp_stop(conn->raop_rtp);
+			raop_rtp_destroy(conn->raop_rtp);
+			conn->raop_rtp = NULL;
+		}
 	}
 	http_response_finish(res, NULL, 0);
 
@@ -226,6 +327,7 @@ conn_destroy(void *ptr)
 	raop_conn_t *conn = ptr;
 
 	if (conn->raop_rtp) {
+		/* This is done in case TEARDOWN was not called */
 		raop_rtp_destroy(conn->raop_rtp);
 	}
 	free(conn->local);
@@ -326,7 +428,7 @@ raop_destroy(raop_t *raop)
 }
 
 int
-raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen)
+raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password)
 {
 	assert(raop);
 	assert(port);
@@ -337,6 +439,17 @@ raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen
 		return -1;
 	}
 
+	memset(raop->password, 0, sizeof(raop->password));
+	if (password) {
+		/* Validate password */
+		if (strlen(password) > MAX_PASSWORD_LEN) {
+			return -1;
+		}
+
+		/* Copy password to the raop structure */
+		strncpy(raop->password, password, MAX_PASSWORD_LEN);
+	}
+
 	/* Copy hwaddr to the raop structure */
 	memcpy(raop->hwaddr, hwaddr, hwaddrlen);
 	raop->hwaddrlen = hwaddrlen;