Add support for password digests.
1 /**
2 * Copyright (C) 2011-2012 Juho Vähä-Herttua
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 */
14
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <assert.h>
19
20 #include "raop.h"
21 #include "raop_rtp.h"
22 #include "rsakey.h"
23 #include "digest.h"
24 #include "httpd.h"
25 #include "sdp.h"
26
27 #include "global.h"
28 #include "utils.h"
29 #include "netutils.h"
30 #include "logger.h"
31
/* Size of the Apple-Response buffer filled by rsakey_sign in conn_request.
 * The base64 signature of a 2048-bit RSA key is 344 characters plus the
 * terminator (345 bytes); 512 leaves headroom. */
#define MAX_SIGNATURE_LEN 512

/* Longest password raop_start accepts; raop_t reserves one extra byte for
 * the terminator.  The value is an arbitrary project choice. */
#define MAX_PASSWORD_LEN 64

/* Digest nonce buffer length: a 32-character hex MD5 plus terminator fits. */
#define MAX_NONCE_LEN 33
40
/* Server-wide state shared by every connection (one per raop_init). */
struct raop_s {
	/* Audio callbacks copied from the caller in raop_init; passed on to raop_rtp_init */
	raop_callbacks_t callbacks;

	/* Logger instance */
	logger_t logger;

	/* HTTP daemon and RSA key */
	httpd_t *httpd;
	rsakey_t *rsakey;

	/* Hardware address information, set by raop_start and used to sign Apple-Challenge */
	unsigned char hwaddr[MAX_HWADDR_LEN];
	int hwaddrlen;

	/* Digest password set by raop_start; an empty string disables authentication
	 * (conn_request only challenges when strlen(password) is non-zero) */
	char password[MAX_PASSWORD_LEN+1];
};
59
/* Per-connection state created by conn_init and released by conn_destroy. */
struct raop_conn_s {
	raop_t *raop;
	/* RTP session created on ANNOUNCE, NULL until then and after TEARDOWN */
	raop_rtp_t *raop_rtp;

	/* Local socket address bytes (4 for IPv4, 16 for IPv6), heap copy */
	unsigned char *local;
	int locallen;

	/* Remote socket address bytes, heap copy */
	unsigned char *remote;
	int remotelen;

	/* Digest nonce generated once in conn_init and reused for every request
	 * on this connection */
	char nonce[MAX_NONCE_LEN+1];
};
typedef struct raop_conn_s raop_conn_t;
73
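/*
 * Log an address at INFO level.  Only 4-byte (IPv4) and 16-byte (IPv6)
 * addresses are printed; any other length is silently skipped.
 */
static void
conn_log_address(raop_conn_t *conn, const char *label, const unsigned char *addr, int addrlen)
{
	if (addrlen == 4) {
		logger_log(&conn->raop->logger, LOGGER_INFO,
		           "%s: %d.%d.%d.%d\n", label,
		           addr[0], addr[1], addr[2], addr[3]);
	} else if (addrlen == 16) {
		logger_log(&conn->raop->logger, LOGGER_INFO,
		           "%s: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", label,
		           addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], addr[6], addr[7],
		           addr[8], addr[9], addr[10], addr[11], addr[12], addr[13], addr[14], addr[15]);
	}
}

/*
 * Heap copy of an address buffer.  Returns NULL when len is zero, addr is
 * NULL, or the allocation fails; the caller distinguishes the cases by len.
 */
static unsigned char *
conn_copy_address(const unsigned char *addr, int len)
{
	unsigned char *copy;

	if (len <= 0 || !addr) {
		return NULL;
	}
	copy = malloc((size_t)len);
	if (copy) {
		memcpy(copy, addr, (size_t)len);
	}
	return copy;
}

/*
 * httpd connection callback: allocate the per-connection state.
 *
 * opaque            the raop_t passed to httpd_init
 * local/locallen    local socket address bytes and their length
 * remote/remotelen  remote socket address bytes and their length
 *
 * Returns the new raop_conn_t, or NULL on a negative length or allocation
 * failure.  Earlier versions assert()ed on malloc failure, which takes the
 * whole daemon down for a condition a remote peer can provoke by opening
 * connections; failures are now reported to httpd instead.  A fresh digest
 * nonce is generated for the connection here.
 */
static void *
conn_init(void *opaque, unsigned char *local, int locallen, unsigned char *remote, int remotelen)
{
	raop_conn_t *conn;

	if (locallen < 0 || remotelen < 0) {
		return NULL;
	}

	conn = calloc(1, sizeof(raop_conn_t));
	if (!conn) {
		return NULL;
	}
	conn->raop = opaque;
	conn->raop_rtp = NULL;

	conn_log_address(conn, "Local", local, locallen);
	conn_log_address(conn, "Remote", remote, remotelen);

	conn->local = conn_copy_address(local, locallen);
	conn->remote = conn_copy_address(remote, remotelen);
	if ((locallen > 0 && !conn->local) || (remotelen > 0 && !conn->remote)) {
		free(conn->local);
		free(conn->remote);
		free(conn);
		return NULL;
	}

	conn->locallen = locallen;
	conn->remotelen = remotelen;

	digest_generate_nonce(conn->nonce, sizeof(conn->nonce));
	return conn;
}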
121
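/*
 * Parse the control_port and timing_port fields out of a UDP Transport
 * header value into *control_port / *timing_port.  A field that is absent
 * leaves its output unchanged.  utils_strsep mutates the string it walks,
 * so the work is done on a private copy; if strdup fails the ports are
 * simply left at their incoming values.
 */
static void
conn_parse_transport_ports(raop_conn_t *conn, const char *transport,
                           unsigned short *control_port, unsigned short *timing_port)
{
	char *copy, *cursor, *field;

	cursor = copy = strdup(transport);
	if (!copy) {
		return;
	}
	while ((field = utils_strsep(&cursor, ";")) != NULL) {
		unsigned short value;

		if (sscanf(field, "control_port=%hu", &value) == 1) {
			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote control port: %hu\n", value);
			*control_port = value;
		}
		if (sscanf(field, "timing_port=%hu", &value) == 1) {
			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Found remote timing port: %hu\n", value);
			*timing_port = value;
		}
	}
	free(copy);
}

/*
 * httpd request callback: build the RTSP response for one request.
 *
 * ptr       the raop_conn_t created by conn_init
 * request   the parsed request
 * response  receives the finished response; it is left untouched (no
 *           response is produced) when the request lacks a method or a
 *           CSeq header
 *
 * When raop_start installed a non-empty password, every request must carry
 * an Authorization header that digest_is_valid accepts for this
 * connection's nonce; otherwise a 401 with a WWW-Authenticate challenge is
 * returned and the method is not executed.  Every header and body field
 * handled below is supplied by the remote client, so nothing here asserts
 * on request content: a SETUP without Transport gets 400, a SETUP before
 * ANNOUNCE gets 455, and SET_PARAMETER works on a NUL-terminated copy of
 * the body.
 */
static void
conn_request(void *ptr, http_request_t *request, http_response_t **response)
{
	raop_conn_t *conn = ptr;
	raop_t *raop = conn->raop;

	http_response_t *res;
	const char *method;
	const char *cseq;
	const char *challenge;
	int require_auth = 0;

	method = http_request_get_method(request);
	cseq = http_request_get_header(request, "CSeq");
	if (!method || !cseq) {
		return;
	}

	res = http_response_init("RTSP/1.0", 200, "OK");
	if (strlen(raop->password)) {
		const char *authorization;

		authorization = http_request_get_header(request, "Authorization");
		if (authorization) {
			/* Debug only: the header carries the digest response, not the password */
			logger_log(&conn->raop->logger, LOGGER_DEBUG, "Authorization: %s\n", authorization);
		}
		/* A missing header is rejected here so digest_is_valid never sees NULL.
		 * The nonce is fixed for the lifetime of the connection (see conn_init). */
		if (!authorization ||
		    !digest_is_valid("AppleTV", raop->password, conn->nonce, method, authorization)) {
			/* Sized for the literal prefix plus the bounded nonce; no heap needed */
			char authstr[sizeof("Digest realm=\"AppleTV\", nonce=\"\"") + sizeof(conn->nonce)];

			snprintf(authstr, sizeof(authstr),
			         "Digest realm=\"AppleTV\", nonce=\"%s\"", conn->nonce);

			/* Replace the 200 with a challenge; the method is not executed */
			require_auth = 1;
			http_response_destroy(res);
			res = http_response_init("RTSP/1.0", 401, "Unauthorized");
			http_response_add_header(res, "WWW-Authenticate", authstr);
		} else {
			logger_log(&conn->raop->logger, LOGGER_DEBUG, "AUTHENTICATION SUCCESS!\n");
		}
	}

	http_response_add_header(res, "CSeq", cseq);
	http_response_add_header(res, "Apple-Jack-Status", "connected; type=analog");

	/* Answer the Apple-Challenge with an RSA signature over the challenge,
	 * our local address and our hardware address (see rsakey_sign) */
	challenge = http_request_get_header(request, "Apple-Challenge");
	if (challenge) {
		char signature[MAX_SIGNATURE_LEN];

		memset(signature, 0, sizeof(signature));
		rsakey_sign(raop->rsakey, signature, sizeof(signature), challenge,
		            conn->local, conn->locallen, raop->hwaddr, raop->hwaddrlen);
		http_response_add_header(res, "Apple-Response", signature);

		logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got challenge: %s\n", challenge);
		logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got response: %s\n", signature);
	}

	if (require_auth) {
		/* Unauthenticated: only the 401 challenge goes back */
	} else if (!strcmp(method, "OPTIONS")) {
		http_response_add_header(res, "Public", "ANNOUNCE, SETUP, RECORD, PAUSE, FLUSH, TEARDOWN, OPTIONS, GET_PARAMETER, SET_PARAMETER");
	} else if (!strcmp(method, "ANNOUNCE")) {
		const char *data;
		int datalen = 0;

		data = http_request_get_data(request, &datalen);
		if (data) {
			sdp_t *sdp;

			sdp = sdp_init(data, datalen);
			if (!sdp) {
				logger_log(&conn->raop->logger, LOGGER_INFO, "Could not parse ANNOUNCE SDP\n");
			} else {
				const char *remotestr, *fmtpstr, *aeskeystr, *aesivstr;

				remotestr = sdp_get_connection(sdp);
				fmtpstr = sdp_get_fmtp(sdp);
				aeskeystr = sdp_get_rsaaeskey(sdp);
				aesivstr = sdp_get_aesiv(sdp);

				/* Never hand NULL to %s */
				logger_log(&conn->raop->logger, LOGGER_DEBUG, "connection: %s\n", remotestr ? remotestr : "(missing)");
				logger_log(&conn->raop->logger, LOGGER_DEBUG, "fmtp: %s\n", fmtpstr ? fmtpstr : "(missing)");
				logger_log(&conn->raop->logger, LOGGER_DEBUG, "rsaaeskey: %s\n", aeskeystr ? aeskeystr : "(missing)");
				logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesiv: %s\n", aesivstr ? aesivstr : "(missing)");

				if (!remotestr || !fmtpstr || !aeskeystr || !aesivstr) {
					/* Without all four fields no session can be built; leave
					 * conn->raop_rtp as it is and let SETUP answer 455 */
					logger_log(&conn->raop->logger, LOGGER_INFO, "ANNOUNCE SDP is missing required fields\n");
				} else {
					unsigned char aeskey[16];
					unsigned char aesiv[16];
					int aeskeylen, aesivlen;

					aeskeylen = rsakey_decrypt(raop->rsakey, aeskey, sizeof(aeskey), aeskeystr);
					aesivlen = rsakey_parseiv(raop->rsakey, aesiv, sizeof(aesiv), aesivstr);
					logger_log(&conn->raop->logger, LOGGER_DEBUG, "aeskeylen: %d\n", aeskeylen);
					logger_log(&conn->raop->logger, LOGGER_DEBUG, "aesivlen: %d\n", aesivlen);
					/* NOTE(review): the two lengths are only logged.  If rsakey_decrypt
					 * or rsakey_parseiv reports failure through a negative or short
					 * length, the session below is still started with whatever is in
					 * aeskey/aesiv — confirm their contract and reject the announce
					 * when either fails. */

					if (conn->raop_rtp) {
						/* A second ANNOUNCE on the same connection replaces the session */
						raop_rtp_destroy(conn->raop_rtp);
						conn->raop_rtp = NULL;
					}
					conn->raop_rtp = raop_rtp_init(&raop->logger, &raop->callbacks, remotestr, fmtpstr, aeskey, aesiv);
				}
				sdp_destroy(sdp);
			}
		}
	} else if (!strcmp(method, "SETUP")) {
		const char *transport;

		transport = http_request_get_header(request, "Transport");
		if (!transport || !conn->raop_rtp) {
			/* Both conditions are client-controlled: a missing header used to
			 * assert(), and a SETUP before ANNOUNCE passed a NULL session to
			 * raop_rtp_start.  Answer with an RTSP error instead. */
			http_response_destroy(res);
			if (!transport) {
				logger_log(&conn->raop->logger, LOGGER_INFO, "SETUP without Transport header\n");
				res = http_response_init("RTSP/1.0", 400, "Bad Request");
			} else {
				logger_log(&conn->raop->logger, LOGGER_INFO, "SETUP received before ANNOUNCE\n");
				res = http_response_init("RTSP/1.0", 455, "Method Not Valid in This State");
			}
			http_response_add_header(res, "CSeq", cseq);
		} else {
			unsigned short remote_cport=0, remote_tport=0;
			unsigned short cport=0, tport=0, dport=0;
			char buffer[1024];
			int use_udp;

			logger_log(&conn->raop->logger, LOGGER_INFO, "Transport: %s\n", transport);
			/* Anything other than RTP/AVP/TCP is treated as UDP */
			use_udp = strncmp(transport, "RTP/AVP/TCP", 11);
			if (use_udp) {
				conn_parse_transport_ports(conn, transport, &remote_cport, &remote_tport);
			}
			raop_rtp_start(conn->raop_rtp, use_udp, remote_cport, remote_tport, &cport, &tport, &dport);

			if (use_udp) {
				snprintf(buffer, sizeof(buffer),
				         "RTP/AVP/UDP;unicast;mode=record;timing_port=%hu;events;control_port=%hu;server_port=%hu",
				         tport, cport, dport);
			} else {
				snprintf(buffer, sizeof(buffer),
				         "RTP/AVP/TCP;unicast;interleaved=0-1;mode=record;server_port=%hu",
				         dport);
			}
			logger_log(&conn->raop->logger, LOGGER_INFO, "Responding with %s\n", buffer);
			http_response_add_header(res, "Transport", buffer);
			http_response_add_header(res, "Session", "DEADBEEF");
		}
	} else if (!strcmp(method, "SET_PARAMETER")) {
		const char *data;
		int datalen = 0;

		data = http_request_get_data(request, &datalen);
		if (data && datalen > 0 && conn->raop_rtp) {
			/* The body is not NUL-terminated: parse a terminated copy and free it
			 * (the previous version leaked it on every request) */
			char *datastr = calloc(1, (size_t)datalen + 1);

			if (datastr) {
				memcpy(datastr, data, (size_t)datalen);
				if (!strncmp(datastr, "volume: ", 8)) {
					float vol = 0.0;
					sscanf(datastr+8, "%f", &vol);
					raop_rtp_set_volume(conn->raop_rtp, vol);
				}
				free(datastr);
			}
		}
	} else if (!strcmp(method, "FLUSH")) {
		const char *rtpinfo;
		int next_seq = -1;

		rtpinfo = http_request_get_header(request, "RTP-Info");
		if (rtpinfo) {
			logger_log(&conn->raop->logger, LOGGER_INFO, "Flush with RTP-Info: %s\n", rtpinfo);
			if (!strncmp(rtpinfo, "seq=", 4)) {
				next_seq = strtol(rtpinfo+4, NULL, 10);
			}
		}
		if (conn->raop_rtp) {
			raop_rtp_flush(conn->raop_rtp, next_seq);
		}
	} else if (!strcmp(method, "TEARDOWN")) {
		http_response_add_header(res, "Connection", "close");
		if (conn->raop_rtp) {
			/* Destroy our RTP session */
			raop_rtp_stop(conn->raop_rtp);
			raop_rtp_destroy(conn->raop_rtp);
			conn->raop_rtp = NULL;
		}
	}
	http_response_finish(res, NULL, 0);

	logger_log(&conn->raop->logger, LOGGER_DEBUG, "Got request %s with URL %s\n", method, http_request_get_url(request));
	*response = res;
}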
323
/*
 * httpd connection callback: release everything conn_init allocated.
 * The RTP session is destroyed here as well, which covers clients that
 * drop the connection without ever sending TEARDOWN.
 */
static void
conn_destroy(void *ptr)
{
	raop_conn_t *conn = ptr;

	/* NOTE(review): the TEARDOWN path calls raop_rtp_stop before
	 * raop_rtp_destroy; this path does not — confirm raop_rtp_destroy
	 * stops the session on its own. */
	if (conn->raop_rtp != NULL) {
		raop_rtp_destroy(conn->raop_rtp);
		conn->raop_rtp = NULL;
	}
	free(conn->remote);
	free(conn->local);
	free(conn);
}
337
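/*
 * Create a RAOP server handle.
 *
 * callbacks  audio callbacks; every function pointer must be non-NULL
 * pemkey     the RSA private key in PEM form, handed to rsakey_init_pem
 *
 * Returns the new handle, or NULL on any failure: netutils_init failing,
 * an incomplete callbacks structure, allocation failure, httpd_init or
 * rsakey_init_pem failing.  Every failure path undoes what was already
 * set up — the earlier version freed the httpd with plain free() instead
 * of httpd_destroy and never paired netutils_init with netutils_cleanup.
 */
raop_t *
raop_init(raop_callbacks_t *callbacks, const char *pemkey)
{
	raop_t *raop;
	httpd_t *httpd;
	rsakey_t *rsakey;
	httpd_callbacks_t httpd_cbs;

	assert(callbacks);
	assert(pemkey);

	/* Initialize the network */
	if (netutils_init() < 0) {
		return NULL;
	}

	/* Validate the callbacks structure */
	if (!callbacks->audio_init || !callbacks->audio_set_volume ||
	    !callbacks->audio_process || !callbacks->audio_flush ||
	    !callbacks->audio_destroy) {
		goto fail_net;
	}

	/* Allocate the raop_t structure */
	raop = calloc(1, sizeof(raop_t));
	if (!raop) {
		goto fail_net;
	}

	/* Initialize the logger */
	logger_init(&raop->logger);

	/* Set HTTP callbacks to our handlers */
	memset(&httpd_cbs, 0, sizeof(httpd_cbs));
	httpd_cbs.opaque = raop;
	httpd_cbs.conn_init = &conn_init;
	httpd_cbs.conn_request = &conn_request;
	httpd_cbs.conn_destroy = &conn_destroy;

	/* Initialize the http daemon */
	httpd = httpd_init(&raop->logger, &httpd_cbs, 10, 1);
	if (!httpd) {
		goto fail_raop;
	}

	/* Copy callbacks structure */
	memcpy(&raop->callbacks, callbacks, sizeof(raop_callbacks_t));

	/* Initialize RSA key handler */
	rsakey = rsakey_init_pem(pemkey);
	if (!rsakey) {
		goto fail_httpd;
	}

	raop->httpd = httpd;
	raop->rsakey = rsakey;

	return raop;

fail_httpd:
	/* httpd_destroy, not free(): httpd_init may own more than one allocation */
	httpd_destroy(httpd);
fail_raop:
	free(raop);
fail_net:
	/* Mirrors the netutils_init/netutils_cleanup pairing in raop_destroy */
	netutils_cleanup();
	return NULL;
}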
400
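/*
 * Zero a buffer through a volatile pointer so the stores cannot be dropped
 * by the optimizer as dead writes ahead of free().
 */
static void
raop_secure_zero(char *buf, size_t len)
{
	volatile char *p = buf;

	while (len--) {
		*p++ = 0;
	}
}

/*
 * Convenience wrapper around raop_init: read the PEM private key from
 * keyfile, pass it to raop_init and release the file contents.
 * Returns NULL when the file cannot be read or raop_init fails.
 *
 * The buffer holds RSA private key material, so it is wiped before being
 * freed rather than left in the heap for later allocations to inherit.
 */
raop_t *
raop_init_from_keyfile(raop_callbacks_t *callbacks, const char *keyfile)
{
	raop_t *raop;
	char *pemstr;

	if (utils_read_file(&pemstr, keyfile) < 0) {
		return NULL;
	}
	raop = raop_init(callbacks, pemstr);
	/* raop_init consumes pemstr as a C string, so strlen covers the key text */
	raop_secure_zero(pemstr, strlen(pemstr));
	free(pemstr);
	return raop;
}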
414
/*
 * Tear down a handle from raop_init / raop_init_from_keyfile: stop the
 * daemon, release the httpd and RSA key, free the handle, then undo
 * netutils_init.  A NULL handle is ignored.
 */
void
raop_destroy(raop_t *raop)
{
	if (raop == NULL) {
		return;
	}

	raop_stop(raop);
	httpd_destroy(raop->httpd);
	rsakey_destroy(raop->rsakey);
	free(raop);

	/* Paired with the netutils_init call in raop_init */
	netutils_cleanup();
}
429
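/*
 * Store the hardware address and password and start the HTTP daemon.
 *
 * raop      handle from raop_init
 * port      in/out port for httpd_start
 * hwaddr    hardware (MAC) address bytes used to sign Apple-Challenge
 * hwaddrlen number of bytes in hwaddr, 0..MAX_HWADDR_LEN
 * password  digest password; NULL or "" disables authentication
 *
 * Returns -1 when hwaddrlen is out of range or the password is longer
 * than MAX_PASSWORD_LEN, otherwise the result of httpd_start.  A NULL
 * password used to crash in strlen; it now means "no password".
 */
int
raop_start(raop_t *raop, unsigned short *port, const char *hwaddr, int hwaddrlen, const char *password)
{
	assert(raop);
	assert(port);
	assert(hwaddr);

	/* Validate hardware address: a negative length would make memcpy read
	 * a huge span, so reject it along with oversize values */
	if (hwaddrlen < 0 || hwaddrlen > MAX_HWADDR_LEN) {
		return -1;
	}

	/* Validate password */
	if (password && strlen(password) > MAX_PASSWORD_LEN) {
		return -1;
	}

	/* Copy hwaddr to the raop structure */
	memcpy(raop->hwaddr, hwaddr, (size_t)hwaddrlen);
	raop->hwaddrlen = hwaddrlen;

	/* snprintf always terminates; the length check above rules out truncation */
	snprintf(raop->password, sizeof(raop->password), "%s", password ? password : "");

	return httpd_start(raop->httpd, port);
}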
456
/*
 * Stop the HTTP daemon started by raop_start.  The handle stays valid and
 * may be started again or passed to raop_destroy.
 */
void
raop_stop(raop_t *raop)
{
	assert(raop != NULL);
	httpd_stop(raop->httpd);
}
464