repositories / deb_shairplay.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make password authentication work on iTunes again, fixes #20.
[deb_shairplay.git] / src / lib / raop.c
1 /**
2 * Copyright (C) 2011-2012 Juho Vähä-Herttua
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 */
14
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <assert.h>
19
20 #include "raop.h"
21 #include "raop_rtp.h"
22 #include "rsakey.h"
23 #include "digest.h"
24 #include "httpd.h"
25 #include "sdp.h"
26
27 #include "global.h"
28 #include "utils.h"
29 #include "netutils.h"
30 #include "logger.h"
31 #include "compat.h"
32
33 /* Actually 345 bytes for 2048-bit key */
34 #define MAX_SIGNATURE_LEN 512
35
36 /* Let's just decide on some length */
37 #define MAX_PASSWORD_LEN 64
38
39 /* MD5 as hex fits here */
40 #define MAX_NONCE_LEN 32
41
42 struct raop_s {
43 /* Callbacks for audio */
44 raop_callbacks_t callbacks;
45
46 /* Logger instance */
47 logger_t *logger;
48
49 /* HTTP daemon and RSA key */
50 httpd_t *httpd;
51 rsakey_t *rsakey;
52
53 /* Hardware address information */
54 unsigned char hwaddr[MAX_HWADDR_LEN];
55 int hwaddrlen;
56
57 /* Password information */
58 char password[MAX_PASSWORD_LEN+1];
59 };
60
61 struct raop_conn_s {
62 raop_t *raop;
63 raop_rtp_t *raop_rtp;
64
65 unsigned char *local;
66 int locallen;
67
68 unsigned char *remote;
69 int remotelen;
70
71 char nonce[MAX_NONCE_LEN+1];
72 };
73 typedef struct raop_conn_s raop_conn_t;
74
75 static void *
76 conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remote, int remotelen)
77 {
78 raop_conn_t *conn;
79
80 conn = calloc(1, sizeof(raop_conn_t));
81 if (!conn) {
82 return NULL;
83 }
84 conn->raop = opaque;
85 conn->raop_rtp = NULL;
86
87 if (locallen == 4) {
88 logger_log(conn->raop->logger, LOGGER_INFO,
89 "Local: %d.%d.%d.%d",
90 local[0], local[1], local[2], local[3]);
91 } else if (locallen == 16) {
92 logger_log(conn->raop->logger, LOGGER_INFO,
93 "Local: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
94 local[0], local[1], local[2], local[3], local[4], local[5], local[6], local[7],
95 local[8], local[9], local[10], local[11], local[12], local[13], local[14], local[15]);
96 }
97 if (remotelen == 4) {
98 logger_log(conn->raop->logger, LOGGER_INFO,
99 "Remote: %d.%d.%d.%d",
100 remote[0], remote[1], remote[2], remote[3]);
101 } else if (remotelen == 16) {
102 logger_log(conn->raop->logger, LOGGER_INFO,
103 "Remote: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
104 remote[0], remote[1], remote[2], remote[3], remote[4], remote[5], remote[6], remote[7],
105 remote[8], remote[9], remote[10], remote[11], remote[12], remote[13], remote[14], remote[15]);
106 }
107
108 conn->local = malloc(locallen);
109 assert(conn->local);
110 memcpy(conn->local, local, locallen);
111
112 conn->remote = malloc(remotelen);
113 assert(conn->remote);
114 memcpy(conn->remote, remote, remotelen);
115
116 conn->locallen = locallen;
117 conn->remotelen = remotelen;
118
119 digest_generate_nonce(conn->nonce, sizeof(conn->nonce));
120 return conn;
121 }
122
123 static void
124 conn_request(void *ptr, http_request_t *request, http_response_t **response)
125 {
126 const char realm[] = "airplay";
127 raop_conn_t *conn = ptr;
128 raop_t *raop = conn->raop;
129
130 http_response_t *res;
131 const char *method;
132 const char *cseq;
133 const char *challenge;
134 int require_auth = 0;
135
136 method = http_request_get_method(request);
137 cseq = http_request_get_header(request, "CSeq");
138 if (!method || !cseq) {
139 return;
140 }
141
142 res = http_response_init("RTSP/1.0", 200, "OK");
143 if (strcmp(method, "OPTIONS") && strlen(raop->password)) {
144 const char *authorization;
145
146 authorization = http_request_get_header(request, "Authorization");
147 if (authorization) {
148 logger_log(conn->raop->logger, LOGGER_DEBUG, "Our nonce: %s", conn->nonce);
149 logger_log(conn->raop->logger, LOGGER_DEBUG, "Authorization: %s", authorization);
150 }
151 if (!digest_is_valid(realm, raop->password, conn->nonce, method, http_request_get_url(request), authorization)) {
152 char *authstr;
153 int authstrlen;
154
155 /* Allocate the authenticate string */
156 authstrlen = sizeof("Digest realm=\"\", nonce=\"\"") + sizeof(realm) + sizeof(conn->nonce) + 1;
157 authstr = malloc(authstrlen);
158
159 /* Concatenate the authenticate string */
160 memset(authstr, 0, authstrlen);
161 strcat(authstr, "Digest realm=\"");
162 strcat(authstr, realm);
163 strcat(authstr, "\", nonce=\"");
164 strcat(authstr, conn->nonce);
165 strcat(authstr, "\"");
166
167 /* Construct a new response */
168 require_auth = 1;
169 http_response_destroy(res);
170 res = http_response_init("RTSP/1.0", 401, "Unauthorized");
171 http_response_add_header(res, "WWW-Authenticate", authstr);
172 free(authstr);
173 logger_log(conn->raop->logger, LOGGER_DEBUG, "Authentication unsuccessful, sending Unauthorized");
174 } else {
175 logger_log(conn->raop->logger, LOGGER_DEBUG, "Authentication successful!");
176 }
177 }
178
179 http_response_add_header(res, "CSeq", cseq);
180 http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog");
181
182 challenge = http_request_get_header(request, "Apple-Challenge");
183 if (!require_auth && challenge) {
184 char signature[MAX_SIGNATURE_LEN];
185
186 memset(signature, 0, sizeof(signature));
187 rsakey_sign(raop->rsakey, signature, sizeof(signature), challenge,
188 conn->local, conn->locallen, raop->hwaddr, raop->hwaddrlen);
189 http_response_add_header(res, "Apple-Response", signature);
190
191 logger_log(conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s", challenge);
192 logger_log(conn->raop->logger, LOGGER_DEBUG, "Got response: %s", signature);
193 }
194
195 if (require_auth) {
196 /* Do nothing in case of authentication request */
197 } else if (!strcmp(method, "OPTIONS")) {
198 http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER");
199 } else if (!strcmp(method, "ANNOUNCE")) {
200 const char *data;
201 int datalen;
202
203 unsigned char aeskey[16];
204 unsigned char aesiv[16];
205 int aeskeylen, aesivlen;
206
207 data = http_request_get_data(request, &datalen);
208 if (data) {
209 sdp_t *sdp;
210 const char *remotestr, *rtpmapstr, *fmtpstr, *aeskeystr, *aesivstr;
211
212 sdp = sdp_init(data, datalen);
213 remotestr = sdp_get_connection(sdp);
214 rtpmapstr = sdp_get_rtpmap(sdp);
215 fmtpstr = sdp_get_fmtp(sdp);
216 aeskeystr = sdp_get_rsaaeskey(sdp);
217 aesivstr = sdp_get_aesiv(sdp);
218
219 logger_log(conn->raop->logger, LOGGER_DEBUG, "connection: %s", remotestr);
220 logger_log(conn->raop->logger, LOGGER_DEBUG, "rtpmap: %s", rtpmapstr);
221 logger_log(conn->raop->logger, LOGGER_DEBUG, "fmtp: %s", fmtpstr);
222 logger_log(conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s", aeskeystr);
223 logger_log(conn->raop->logger, LOGGER_DEBUG, "aesiv: %s", aesivstr);
224
225 aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr);
226 aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr);
227 logger_log(conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d", aeskeylen);
228 logger_log(conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d", aesivlen);
229
230 if (conn->raop_rtp) {
231 /* This should never happen */
232 raop_rtp_destroy(conn->raop_rtp);
233 conn->raop_rtp = NULL;
234 }
235 conn->raop_rtp = raop_rtp_init(raop->logger, &raop->callbacks, remotestr, rtpmapstr, fmtpstr, aeskey, aesiv);
236 if (!conn->raop_rtp) {
237 logger_log(conn->raop->logger, LOGGER_ERR, "Error initializing the audio decoder");
238 http_response_set_disconnect(res, 1);
239 }
240 sdp_destroy(sdp);
241 }
242 } else if (!strcmp(method, "SETUP")) {
243 unsigned short remote_cport=0, remote_tport=0;
244 unsigned short cport=0, tport=0, dport=0;
245 const char *transport;
246 char buffer[1024];
247 int use_udp;
248
249 transport = http_request_get_header(request, "Transport");
250 assert(transport);
251
252 logger_log(conn->raop->logger, LOGGER_INFO, "Transport: %s", transport);
253 use_udp = strncmp(transport, "RTP/AVP/TCP", 11);
254 if (use_udp) {
255 char *original, *current, *tmpstr;
256
257 current = original = strdup(transport);
258 if (original) {
259 while ((tmpstr = utils_strsep(&current, ";")) != NULL) {
260 unsigned short value;
261 int ret;
262
263 ret = sscanf(tmpstr, "control_port=%hu", &value);
264 if (ret == 1) {
265 logger_log(conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu", value);
266 remote_cport = value;
267 }
268 ret = sscanf(tmpstr, "timing_port=%hu", &value);
269 if (ret == 1) {
270 logger_log(conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu", value);
271 remote_tport = value;
272 }
273 }
274 }
275 free(original);
276 }
277 if (conn->raop_rtp) {
278 raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport);
279 } else {
280 logger_log(conn->raop->logger, LOGGER_ERR, "RAOP not initialized at SETUP, playing will fail!");
281 http_response_set_disconnect(res, 1);
282 }
283
284 memset(buffer, 0, sizeof(buffer));
285 if (use_udp) {
286 snprintf(buffer, sizeof(buffer)-1,
287 "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu",
288 tport, cport, dport);
289 } else {
290 snprintf(buffer, sizeof(buffer)-1,
291 "RTP/AVP/TCP;unicast;interleaved=0-1;mode=record;server_port=%u",
292 dport);
293 }
294 logger_log(conn->raop->logger, LOGGER_INFO, "Responding with %s", buffer);
295 http_response_add_header(res, "Transport", buffer);
296 http_response_add_header(res, "Session", "DEADBEEF");
297 } else if (!strcmp(method, "SET_PARAMETER")) {
298 const char *content_type;
299 const char *data;
300 int datalen;
301
302 content_type = http_request_get_header(request, "Content-Type");
303 data = http_request_get_data(request, &datalen);
304 if (!strcmp(content_type, "text/parameters")) {
305 char *datastr;
306 datastr = calloc(1, datalen+1);
307 if (data && datastr && conn->raop_rtp) {
308 memcpy(datastr, data, datalen);
309 if (!strncmp(datastr, "volume: ", 8)) {
310 float vol = 0.0;
311 sscanf(datastr+8, "%f", &vol);
312 raop_rtp_set_volume(conn->raop_rtp, vol);
313 }
314 } else if (!conn->raop_rtp) {
315 logger_log(conn->raop->logger, LOGGER_WARNING, "RAOP not initialized at SET_PARAMETER volume");
316 }
317 free(datastr);
318 } else if (!strcmp(content_type, "image/jpeg")) {
319 logger_log(conn->raop->logger, LOGGER_INFO, "Got image data of %d bytes", datalen);
320 if (conn->raop_rtp) {
321 raop_rtp_set_coverart(conn->raop_rtp, data, datalen);
322 } else {
323 logger_log(conn->raop->logger, LOGGER_WARNING, "RAOP not initialized at SET_PARAMETER coverart");
324 }
325 } else if (!strcmp(content_type, "application/x-dmap-tagged")) {
326 logger_log(conn->raop->logger, LOGGER_INFO, "Got metadata of %d bytes", datalen);
327 if (conn->raop_rtp) {
328 raop_rtp_set_metadata(conn->raop_rtp, data, datalen);
329 } else {
330 logger_log(conn->raop->logger, LOGGER_WARNING, "RAOP not initialized at SET_PARAMETER metadata");
331 }
332 }
333 } else if (!strcmp(method, "FLUSH")) {
334 const char *rtpinfo;
335 int next_seq = -1;
336
337 rtpinfo = http_request_get_header(request, "RTP-Info");
338 if (rtpinfo) {
339 logger_log(conn->raop->logger, LOGGER_INFO, "Flush with RTP-Info: %s", rtpinfo);
340 if (!strncmp(rtpinfo, "seq=", 4)) {
341 next_seq = strtol(rtpinfo+4, NULL, 10);
342 }
343 }
344 if (conn->raop_rtp) {
345 raop_rtp_flush(conn->raop_rtp, next_seq);
346 } else {
347 logger_log(conn->raop->logger, LOGGER_WARNING, "RAOP not initialized at FLUSH");
348 }
349 } else if (!strcmp(method, "TEARDOWN")) {
350 http_response_add_header(res, "Connection", "close");
351 if (conn->raop_rtp) {
352 /* Destroy our RTP session */
353 raop_rtp_stop(conn->raop_rtp);
354 raop_rtp_destroy(conn->raop_rtp);
355 conn->raop_rtp = NULL;
356 }
357 }
358 http_response_finish(res, NULL, 0);
359
360 logger_log(conn->raop->logger, LOGGER_DEBUG, "Handled request %s with URL %s", method, http_request_get_url(request));
361 *response = res;
362 }
363
364 static void
365 conn_destroy(void *ptr)
366 {
367 raop_conn_t *conn = ptr;
368
369 if (conn->raop_rtp) {
370 /* This is done in case TEARDOWN was not called */
371 raop_rtp_destroy(conn->raop_rtp);
372 }
373 free(conn->local);
374 free(conn->remote);
375 free(conn);
376 }
377
378 raop_t *
379 raop_init(int max_clients, raop_callbacks_t *callbacks, const char *pemkey, int *error)
380 {
381 raop_t *raop;
382 httpd_t *httpd;
383 rsakey_t *rsakey;
384 httpd_callbacks_t httpd_cbs;
385
386 assert(callbacks);
387 assert(max_clients > 0);
388 assert(max_clients < 100);
389 assert(pemkey);
390
391 /* Initialize the network */
392 if (netutils_init() < 0) {
393 return NULL;
394 }
395
396 /* Validate the callbacks structure */
397 if (!callbacks->audio_init ||
398 !callbacks->audio_process ||
399 !callbacks->audio_destroy) {
400 return NULL;
401 }
402
403 /* Allocate the raop_t structure */
404 raop = calloc(1, sizeof(raop_t));
405 if (!raop) {
406 return NULL;
407 }
408
409 /* Initialize the logger */
410 raop->logger = logger_init();
411
412 /* Set HTTP callbacks to our handlers */
413 memset(&httpd_cbs, 0, sizeof(httpd_cbs));
414 httpd_cbs.opaque = raop;
415 httpd_cbs.conn_init = &conn_init;
416 httpd_cbs.conn_request = &conn_request;
417 httpd_cbs.conn_destroy = &conn_destroy;
418
419 /* Initialize the http daemon */
420 httpd = httpd_init(raop->logger, &httpd_cbs, max_clients);
421 if (!httpd) {
422 free(raop);
423 return NULL;
424 }
425
426 /* Copy callbacks structure */
427 memcpy(&raop->callbacks, callbacks, sizeof(raop_callbacks_t));
428
429 /* Initialize RSA key handler */
430 rsakey = rsakey_init_pem(pemkey);
431 if (!rsakey) {
432 free(httpd);
433 free(raop);
434 return NULL;
435 }
436
437 raop->httpd = httpd;
438 raop->rsakey = rsakey;
439
440 return raop;
441 }
442
443 raop_t *
444 raop_init_from_keyfile(int max_clients, raop_callbacks_t *callbacks, const char *keyfile, int *error)
445 {
446 raop_t *raop;
447 char *pemstr;
448
449 if (utils_read_file(&pemstr, keyfile) < 0) {
450 return NULL;
451 }
452 raop = raop_init(max_clients, callbacks, pemstr, error);
453 free(pemstr);
454 return raop;
455 }
456
457 void
458 raop_destroy(raop_t *raop)
459 {
460 if (raop) {
461 raop_stop(raop);
462
463 httpd_destroy(raop->httpd);
464 rsakey_destroy(raop->rsakey);
465 logger_destroy(raop->logger);
466 free(raop);
467
468 /* Cleanup the network */
469 netutils_cleanup();
470 }
471 }
472
473 int
474 raop_is_running(raop_t *raop)
475 {
476 assert(raop);
477
478 return httpd_is_running(raop->httpd);
479 }
480
481 void
482 raop_set_log_level(raop_t *raop, int level)
483 {
484 assert(raop);
485
486 logger_set_level(raop->logger, level);
487 }
488
489 void
490 raop_set_log_callback(raop_t *raop, raop_log_callback_t callback, void *cls)
491 {
492 assert(raop);
493
494 logger_set_callback(raop->logger, callback, cls);
495 }
496
497 int
498 raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password)
499 {
500 assert(raop);
501 assert(port);
502 assert(hwaddr);
503
504 /* Validate hardware address */
505 if (hwaddrlen > MAX_HWADDR_LEN) {
506 return -1;
507 }
508
509 memset(raop->password, 0, sizeof(raop->password));
510 if (password) {
511 /* Validate password */
512 if (strlen(password) > MAX_PASSWORD_LEN) {
513 return -1;
514 }
515
516 /* Copy password to the raop structure */
517 strncpy(raop->password, password, MAX_PASSWORD_LEN);
518 }
519
520 /* Copy hwaddr to the raop structure */
521 memcpy(raop->hwaddr, hwaddr, hwaddrlen);
522 raop->hwaddrlen = hwaddrlen;
523
524 return httpd_start(raop->httpd, port);
525 }
526
527 void
528 raop_stop(raop_t *raop)
529 {
530 assert(raop);
531
532 httpd_stop(raop->httpd);
533 }
534
shairplay Piment Noir Debian package repository