X-Git-Url: https://git.piment-noir.org/?a=blobdiff_plain;f=src%2Flib%2Fraop.c;h=fe57735329f95d6a9f672d4054a56a383b29312f;hb=5a746b97186cd50b3c787824ea2290dc88d84ed0;hp=1ce99de1a5619c28f1de639f77fd6ffa8b643bba;hpb=c891f9781b4a0567dd62281589975388e2013ced;p=deb_shairplay.git diff --git a/src/lib/raop.c b/src/lib/raop.c index 1ce99de..fe57735 100644 --- a/src/lib/raop.c +++ b/src/lib/raop.c @@ -20,6 +20,7 @@ #include "raop.h" #include "raop_rtp.h" #include "rsakey.h" +#include "digest.h" #include "httpd.h" #include "sdp.h" @@ -31,6 +32,12 @@ /* Actually 345 bytes for 2048-bit key */ #define MAX_SIGNATURE_LEN 512 +/* Let's just decide on some length */ +#define MAX_PASSWORD_LEN 64 + +/* MD5 as hex fits here */ +#define MAX_NONCE_LEN 32 + struct raop_s { /* Callbacks for audio */ raop_callbacks_t callbacks; @@ -45,6 +52,9 @@ struct raop_s { /* Hardware address information */ unsigned char hwaddr[MAX_HWADDR_LEN]; int hwaddrlen; + + /* Password information */ + char password[MAX_PASSWORD_LEN+1]; }; struct raop_conn_s { @@ -56,6 +66,8 @@ struct raop_conn_s { unsigned char *remote; int remotelen; + + char nonce[MAX_NONCE_LEN+1]; }; typedef struct raop_conn_s raop_conn_t; @@ -102,6 +114,8 @@ conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remot conn->locallen = locallen; conn->remotelen = remotelen; + + digest_generate_nonce(conn->nonce, sizeof(conn->nonce)); return conn; } @@ -115,6 +129,7 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) const char *method; const char *cseq; const char *challenge; + int require_auth = 0; method = http_request_get_method(request); cseq = http_request_get_header(request, "CSeq"); @@ -123,11 +138,44 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) } res = http_response_init("RTSP/1.0", 200, "OK"); + if (strlen(raop->password)) { + const char *authorization; + + authorization = http_request_get_header(request, "Authorization"); + if (authorization) { + logger_log(&conn->raop->logger, LOGGER_DEBUG, "Our nonce: %s\n", conn->nonce); + logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s\n", authorization); + } + if (!digest_is_valid("AppleTV", raop->password, conn->nonce, method, http_request_get_url(request), authorization)) { + char *authstr; + int authstrlen; + + /* Allocate the authenticate string */ + authstrlen = sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce) + 1; + authstr = malloc(authstrlen); + + /* Concatenate the authenticate string */ + memset(authstr, 0, authstrlen); + strcat(authstr, "Digest realm=\"AppleTV\", nonce=\""); + strcat(authstr, conn->nonce); + strcat(authstr, "\""); + + /* Construct a new response */ + require_auth = 1; + http_response_destroy(res); + res = http_response_init("RTSP/1.0", 401, "Unauthorized"); + http_response_add_header(res, "WWW-Authenticate", authstr); + free(authstr); + } else { + logger_log(&conn->raop->logger, LOGGER_DEBUG, "AUTHENTICATION SUCCESS!\n"); + } + } + http_response_add_header(res, "CSeq", cseq); http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog"); challenge = http_request_get_header(request, "Apple-Challenge"); - if (challenge) { + if (!require_auth && challenge) { char signature[MAX_SIGNATURE_LEN]; memset(signature, 0, sizeof(signature)); @@ -138,7 +186,10 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s\n", challenge); logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s\n", signature); } - if (!strcmp(method, "OPTIONS")) { + + if (require_auth) { + /* Do nothing in case of authentication request */ + } else if (!strcmp(method, "OPTIONS")) { http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER"); } else if (!strcmp(method, "ANNOUNCE")) { const char *data; @@ -150,14 +201,22 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) data = http_request_get_data(request, &datalen); if (data) { - sdp_t *sdp = sdp_init(data, datalen); - logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", sdp_get_rsaaeskey(sdp)); - logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", sdp_get_aesiv(sdp)); - - aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), - sdp_get_rsaaeskey(sdp)); - aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), - sdp_get_aesiv(sdp)); + sdp_t *sdp; + const char *remotestr, *fmtpstr, *aeskeystr, *aesivstr; + + sdp = sdp_init(data, datalen); + remotestr = sdp_get_connection(sdp); + fmtpstr = sdp_get_fmtp(sdp); + aeskeystr = sdp_get_rsaaeskey(sdp); + aesivstr = sdp_get_aesiv(sdp); + + logger_log(&conn->raop->logger, LOGGER_DEBUG, "connection: %s\n", remotestr); + logger_log(&conn->raop->logger, LOGGER_DEBUG, "fmtp: %s\n", fmtpstr); + logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", aeskeystr); + logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", aesivstr); + + aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr); + aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr); logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d\n", aeskeylen); logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d\n", aesivlen); @@ -166,10 +225,11 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) raop_rtp_destroy(conn->raop_rtp); conn->raop_rtp = NULL; } - conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, sdp_get_fmtp(sdp), aeskey, aesiv); + conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, remotestr, fmtpstr, aeskey, aesiv); sdp_destroy(sdp); } } else if (!strcmp(method, "SETUP")) { + unsigned short remote_cport=0, remote_tport=0; unsigned short cport=0, tport=0, dport=0; const char *transport; char buffer[1024]; @@ -180,14 +240,35 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s\n", transport); use_udp = strncmp(transport, "RTP/AVP/TCP", 11); - - /* FIXME: Should use the parsed ports for resend */ - raop_rtp_start(conn->raop_rtp, use_udp, 1234, 1234, &cport, &tport, &dport); + if (use_udp) { + char *original, *current, *tmpstr; + + current = original = strdup(transport); + if (original) { + while ((tmpstr = utils_strsep(¤t, ";")) != NULL) { + unsigned short value; + int ret; + + ret = sscanf(tmpstr, "control_port=%hu", &value); + if (ret == 1) { + logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu\n", value); + remote_cport = value; + } + ret = sscanf(tmpstr, "timing_port=%hu", &value); + if (ret == 1) { + logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu\n", value); + remote_tport = value; + } + } + } + free(original); + } + raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport); memset(buffer, 0, sizeof(buffer)); if (use_udp) { snprintf(buffer, sizeof(buffer)-1, - "RTP/AVP/UDP;unicast;mode=record;timing_port=%u;events;control_port=%u;server_port=%u", + "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu", tport, cport, dport); } else { snprintf(buffer, sizeof(buffer)-1, @@ -208,10 +289,11 @@ conn_request(void *ptr, http_request_t *request, http_response_t **response) memcpy(datastr, data, datalen); if (!strncmp(datastr, "volume: ", 8)) { float vol = 0.0; - sscanf(data+8, "%f", &vol); + sscanf(datastr+8, "%f", &vol); raop_rtp_set_volume(conn->raop_rtp, vol); } } + free(datastr); } else if (!strcmp(method, "FLUSH")) { const char *rtpinfo; int next_seq = -1; @@ -348,7 +430,15 @@ raop_destroy(raop_t *raop) } int -raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen) +raop_is_running(raop_t *raop) +{ + assert(raop); + + return httpd_is_running(raop->httpd); +} + +int +raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password) { assert(raop); assert(port); @@ -359,6 +449,17 @@ raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen return -1; } + memset(raop->password, 0, sizeof(raop->password)); + if (password) { + /* Validate password */ + if (strlen(password) > MAX_PASSWORD_LEN) { + return -1; + } + + /* Copy password to the raop structure */ + strncpy(raop->password, password, MAX_PASSWORD_LEN); + } + /* Copy hwaddr to the raop structure */ memcpy(raop->hwaddr, hwaddr, hwaddrlen); raop->hwaddrlen = hwaddrlen;