search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
revert breaks some stupid old compilers
[oscam.git] / module-cccam.c
blob008b5719b5a57b0d1ba80ff6da5082f5fab6b4b1
1 #define MODULE_LOG_PREFIX "cccam"
2
3 #include "globals.h"
4
5 #ifdef MODULE_CCCAM
6
7 #include "cscrypt/md5.h"
8 #include "cscrypt/sha1.h"
9 #include "module-cacheex.h"
10 #include "module-cccam.h"
11 #include "module-cccam-data.h"
12 #include "module-cccam-cacheex.h"
13 #include "module-cccshare.h"
14 #include "oscam-chk.h"
15 #include "oscam-cache.h"
16 #include "oscam-client.h"
17 #include "oscam-ecm.h"
18 #include "oscam-emm.h"
19 #include "oscam-failban.h"
20 #include "oscam-garbage.h"
21 #include "oscam-lock.h"
22 #include "oscam-net.h"
23 #include "oscam-reader.h"
24 #include "oscam-string.h"
25 #include "oscam-time.h"
26 #include "oscam-work.h"
27
28 //Mode names for CMD_05 command:
29 static const char *cmd05_mode_name[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4",
30 "LEN=0"
31 };
32
33 //Mode names for CMD_0C command:
34 static const char *cmd0c_mode_name[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
35
36 uint8_t cc_node_id[8];
37
38 int32_t cc_cli_connect(struct s_client *cl);
39 int32_t cc_send_pending_emms(struct s_client *cl);
40
41 #define getprefix() (!cl?"":(!cl->cc?"":(((struct cc_data *)(cl->cc))->prefix)))
42
43 void cc_init_crypt(struct cc_crypt_block *block, uint8_t *key, int32_t len)
44 {
45 int32_t i = 0;
46 uint8_t j = 0;
47
48 for(i = 0; i < 256; i++)
49 {
50 block->keytable[i] = i;
51 }
52
53 for(i = 0; i < 256; i++)
54 {
55 j += key[i % len] + block->keytable[i];
56 SWAPC(&block->keytable[i], &block->keytable[j]);
57 }
58
59 block->state = *key;
60 block->counter = 0;
61 block->sum = 0;
62 }
63
64 void cc_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len,
65 cc_crypt_mode_t mode)
66 {
67 int32_t i;
68 uint8_t z;
69
70 for(i = 0; i < len; i++)
71 {
72 block->counter++;
73 block->sum += block->keytable[block->counter];
74 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
75 z = data[i];
76 data[i] = z ^ block->keytable[(block->keytable[block->counter]
77 + block->keytable[block->sum]) & 0xff];
78 data[i] ^= block->state;
79 if(!mode)
80 { z = data[i]; }
81 block->state = block->state ^ z;
82 }
83 }
84
85 void cc_rc4_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len,
86 cc_crypt_mode_t mode)
87 {
88 int32_t i;
89 uint8_t z;
90
91 for(i = 0; i < len; i++)
92 {
93 block->counter++;
94 block->sum += block->keytable[block->counter];
95 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
96 z = data[i];
97 data[i] = z ^ block->keytable[(block->keytable[block->counter]
98 + block->keytable[block->sum]) & 0xff];
99 if(!mode)
100 { z = data[i]; }
101 block->state = block->state ^ z;
102 }
103 }
104
105 void cc_xor(uint8_t *buf)
106 {
107 const char cccam[] = "CCcam";
108 uint8_t i;
109
110 for(i = 0; i < 8; i++)
111 {
112 buf[8 + i] = i * buf[i];
113 if(i <= 5)
114 {
115 buf[i] ^= cccam[i];
116 }
117 }
118 }
119
120 void cc_cw_crypt(struct s_client *cl, uint8_t *cws, uint32_t cardid)
121 {
122 struct cc_data *cc = cl->cc;
123 uint64_t node_id;
124 uint8_t tmp;
125 int32_t i;
126
127 if(cl->typ != 'c')
128 {
129 node_id = b2ll(8, cc->node_id);
130 }
131 else
132 {
133 node_id = b2ll(8, cc->peer_node_id);
134 }
135
136 for(i = 0; i < 16; i++)
137 {
138 tmp = cws[i] ^(node_id >> (4 * i));
139 if(i & 1)
140 { tmp = ~tmp; }
141 cws[i] = (cardid >> (2 * i)) ^ tmp;
142 }
143 }
144
145 /** swap endianness (int) */
146 static void SwapLBi(unsigned char *buff, int32_t len)
147 {
148 #if __BYTE_ORDER != __BIG_ENDIAN
149 return;
150 #endif
151
152 int32_t i;
153 unsigned char swap[4];
154 for(i = 0; i < len / 4; i++)
155 {
156 memcpy(swap, buff, 4);
157 buff[0] = swap[3];
158 buff[1] = swap[2];
159 buff[2] = swap[1];
160 buff[3] = swap[0];
161 buff += 4;
162 }
163 }
164
165 void cc_crypt_cmd0c(struct s_client *cl, uint8_t *buf, int32_t len)
166 {
167 struct cc_data *cc = cl->cc;
168 uint8_t *out;
169 if(!cs_malloc(&out, len))
170 { return; }
171
172 switch(cc->cmd0c_mode)
173 {
174 case MODE_CMD_0x0C_NONE: // none additional encryption
175 {
176 memcpy(out, buf, len);
177 break;
178 }
179 case MODE_CMD_0x0C_RC6 : //RC6
180 {
181 // buf may be unaligned,
182 // so we use malloc() memory for the uint32_t* cast
183 uint8_t *tmp;
184 int32_t i;
185
186 if(!cs_malloc(&tmp, len))
187 { return; }
188 memcpy(tmp, buf, len);
189
190 SwapLBi(tmp, len);
191 for(i = 0; i < len / 16; i++)
192 { rc6_block_decrypt((uint32_t *)(tmp + i * 16), (uint32_t *)(out + i * 16), 1, cc->cmd0c_RC6_cryptkey); }
193 SwapLBi(out, len);
194 NULLFREE(tmp);
195 break;
196 }
197 case MODE_CMD_0x0C_RC4: // RC4
198 {
199 cc_rc4_crypt(&cc->cmd0c_cryptkey, buf, len, ENCRYPT);
200 memcpy(out, buf, len);
201 break;
202 }
203 case MODE_CMD_0x0C_CC_CRYPT: // cc_crypt
204 {
205 cc_crypt(&cc->cmd0c_cryptkey, buf, len, DECRYPT);
206 memcpy(out, buf, len);
207 break;
208 }
209 case MODE_CMD_0x0C_AES: // AES
210 {
211 int32_t i;
212 for(i = 0; i < len / 16; i++)
213 AES_decrypt((unsigned char *) buf + i * 16,
214 (unsigned char *) out + i * 16, &cc->cmd0c_AES_key);
215 break;
216 }
217 case MODE_CMD_0x0C_IDEA : //IDEA
218 {
219 int32_t i = 0;
220 int32_t j;
221
222 while(i < len)
223 {
224 idea_ecb_encrypt(buf + i, out + i, &cc->cmd0c_IDEA_dkey);
225 i += 8;
226 }
227
228 i = 8;
229 while(i < len)
230 {
231 for(j = 0; j < 8; j++)
232 { out[j + i] ^= buf[j + i - 8]; }
233 i += 8;
234 }
235
236 break;
237 }
238 }
239 memcpy(buf, out, len);
240 NULLFREE(out);
241 }
242
243
244
245 void set_cmd0c_cryptkey(struct s_client *cl, uint8_t *key, uint8_t len)
246 {
247 struct cc_data *cc = cl->cc;
248 uint8_t key_buf[32];
249
250 memset(&key_buf, 0, sizeof(key_buf));
251
252 if(len > 32)
253 { len = 32; }
254
255 memcpy(key_buf, key, len);
256
257 switch(cc->cmd0c_mode)
258 {
259
260 case MODE_CMD_0x0C_NONE : //NONE
261 {
262 break;
263 }
264
265 case MODE_CMD_0x0C_RC6 : //RC6
266 {
267 rc6_key_setup(key_buf, 32, cc->cmd0c_RC6_cryptkey);
268 break;
269 }
270
271 case MODE_CMD_0x0C_RC4: //RC4
272 case MODE_CMD_0x0C_CC_CRYPT: //CC_CRYPT
273 {
274 cc_init_crypt(&cc->cmd0c_cryptkey, key_buf, 32);
275 break;
276 }
277
278 case MODE_CMD_0x0C_AES: //AES
279 {
280 memset(&cc->cmd0c_AES_key, 0, sizeof(cc->cmd0c_AES_key));
281 AES_set_decrypt_key((unsigned char *) key_buf, 256, &cc->cmd0c_AES_key);
282 break;
283 }
284
285 case MODE_CMD_0x0C_IDEA : //IDEA
286 {
287 uint8_t key_buf_idea[16];
288 memcpy(key_buf_idea, key_buf, 16);
289 IDEA_KEY_SCHEDULE ekey;
290
291 idea_set_encrypt_key(key_buf_idea, &ekey);
292 idea_set_decrypt_key(&ekey, &cc->cmd0c_IDEA_dkey);
293 break;
294 }
295 }
296 }
297
298 int32_t sid_eq(struct cc_srvid *srvid1, struct cc_srvid *srvid2)
299 {
300 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid) && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen));
301 }
302
303 int32_t sid_eq_nb(struct cc_srvid *srvid1, struct cc_srvid_block *srvid2)
304 {
305 return sid_eq(srvid1, (struct cc_srvid *)srvid2);
306 }
307
308 int32_t sid_eq_bb(struct cc_srvid_block *srvid1, struct cc_srvid_block *srvid2)
309 {
310 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid) && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen)
311 && (srvid1->blocked_till == srvid2->blocked_till || !srvid1->blocked_till || !srvid2->blocked_till));
312 }
313
314 struct cc_srvid_block *is_sid_blocked(struct cc_card *card, struct cc_srvid *srvid_blocked)
315 {
316 LL_ITER it = ll_iter_create(card->badsids);
317 struct cc_srvid_block *srvid;
318 while((srvid = ll_iter_next(&it)))
319 {
320 if(sid_eq_nb(srvid_blocked, srvid))
321 {
322 break;
323 }
324 }
325 return srvid;
326 }
327
328 uint32_t has_perm_blocked_sid(struct cc_card *card)
329 {
330 LL_ITER it = ll_iter_create(card->badsids);
331 struct cc_srvid_block *srvid;
332 while((srvid = ll_iter_next(&it)))
333 {
334 if(srvid->blocked_till == 0)
335 {
336 break;
337 }
338 }
339 return srvid != NULL;
340 }
341
342 struct cc_srvid *is_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
343 {
344 LL_ITER it = ll_iter_create(card->goodsids);
345 struct cc_srvid *srvid;
346 while((srvid = ll_iter_next(&it)))
347 {
348 if(sid_eq(srvid, srvid_good))
349 {
350 break;
351 }
352 }
353 return srvid;
354 }
355
356 #define BLOCKING_SECONDS 10
357
358 void add_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked, bool temporary)
359 {
360 if(is_sid_blocked(card, srvid_blocked))
361 { return; }
362
363 struct cc_srvid_block *srvid;
364 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
365 { return; }
366 memcpy(srvid, srvid_blocked, sizeof(struct cc_srvid));
367
368 if(temporary)
369 { srvid->blocked_till = time(NULL) + BLOCKING_SECONDS; }
370
371 ll_append(card->badsids, srvid);
372 cs_log_dbg(D_READER, "added sid block %04X(CHID %04X, length %d) for card %08x",
373 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
374 }
375
376 void remove_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked)
377 {
378 LL_ITER it = ll_iter_create(card->badsids);
379 struct cc_srvid_block *srvid;
380 while((srvid = ll_iter_next(&it)))
381 if(sid_eq_nb(srvid_blocked, srvid))
382 { ll_iter_remove_data(&it); }
383
384 cs_log_dbg(D_READER, "removed sid block %04X(CHID %04X, length %d) for card %08x",
385 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
386 }
387
388 void add_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
389 {
390 if(is_good_sid(card, srvid_good))
391 { return; }
392
393 remove_sid_block(card, srvid_good);
394 struct cc_srvid *srvid;
395 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
396 { return; }
397 memcpy(srvid, srvid_good, sizeof(struct cc_srvid));
398 ll_append(card->goodsids, srvid);
399 cs_log_dbg(D_READER, "added good sid %04X(%d) for card %08x", srvid_good->sid, srvid_good->ecmlen, card->id);
400 }
401
402 void remove_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
403 {
404 LL_ITER it = ll_iter_create(card->goodsids);
405 struct cc_srvid *srvid;
406 while((srvid = ll_iter_next(&it)))
407 if(sid_eq(srvid, srvid_good))
408 { ll_iter_remove_data(&it); }
409
410 cs_log_dbg(D_READER, "removed good sid %04X(%d) for card %08x", srvid_good->sid, srvid_good->ecmlen, card->id);
411 }
412
413 /**
414 * reader
415 * clears and frees values for reinit
416 */
417 void cc_cli_close(struct s_client *cl, int32_t call_conclose)
418 {
419 struct s_reader *rdr = cl->reader;
420 struct cc_data *cc = cl->cc;
421 if(!rdr || !cc)
422 { return; }
423
424 if(rdr) { rdr->tcp_connected = 0; }
425 if(rdr) { rdr->card_status = NO_CARD; }
426 if(rdr) { rdr->last_s = rdr->last_g = 0; }
427 if(cl) { cl->last = 0; }
428
429 if(call_conclose) //clears also pending ecms!
430 { network_tcp_connection_close(rdr, "close"); }
431 else
432 {
433 if(cl->udp_fd)
434 {
435 close(cl->udp_fd);
436 cl->udp_fd = 0;
437 cl->pfd = 0;
438 }
439 }
440
441 cc->ecm_busy = 0;
442 cc->just_logged_in = 0;
443 }
444
445 struct cc_extended_ecm_idx *add_extended_ecm_idx(struct s_client *cl,
446 uint8_t send_idx, uint16_t ecm_idx, struct cc_card *card,
447 struct cc_srvid srvid, int8_t free_card)
448 {
449 struct cc_data *cc = cl->cc;
450 struct cc_extended_ecm_idx *eei;
451 if(!cs_malloc(&eei, sizeof(struct cc_extended_ecm_idx)))
452 { return NULL; }
453 eei->send_idx = send_idx;
454 eei->ecm_idx = ecm_idx;
455 eei->card = card;
456 eei->cccam_id = card->id;
457 eei->srvid = srvid;
458 eei->free_card = free_card;
459 cs_ftime(&eei->tps);
460 ll_append(cc->extended_ecm_idx, eei);
461 //cs_log_dbg(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
462 return eei;
463 }
464
465 struct cc_extended_ecm_idx *get_extended_ecm_idx(struct s_client *cl,
466 uint8_t send_idx, int32_t remove_item)
467 {
468 struct cc_data *cc = cl->cc;
469 struct cc_extended_ecm_idx *eei;
470 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
471 while((eei = ll_iter_next(&it)))
472 {
473 if(eei->send_idx == send_idx)
474 {
475 if(remove_item)
476 { ll_iter_remove(&it); }
477 //cs_log_dbg(D_TRACE, "%s get by send-idx: %d FOUND: %d",
478 // getprefix(), send_idx, eei->ecm_idx);
479 return eei;
480 }
481 }
482 #ifdef WITH_DEBUG
483 if(remove_item)
484 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by send-idx: %d NOT FOUND", getprefix(),
485 send_idx);
486 #endif
487 return NULL;
488 }
489
490 struct cc_extended_ecm_idx *get_extended_ecm_idx_by_idx(struct s_client *cl,
491 uint16_t ecm_idx, int32_t remove_item)
492 {
493 struct cc_data *cc = cl->cc;
494 struct cc_extended_ecm_idx *eei;
495 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
496 while((eei = ll_iter_next(&it)))
497 {
498 if(eei->ecm_idx == ecm_idx)
499 {
500 if(remove_item)
501 { ll_iter_remove(&it); }
502 //cs_log_dbg(D_TRACE, "%s get by ecm-idx: %d FOUND: %d",
503 // getprefix(), ecm_idx, eei->send_idx);
504 return eei;
505 }
506 }
507 #ifdef WITH_DEBUG
508 if(remove_item)
509 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by ecm-idx: %d NOT FOUND", getprefix(),
510 ecm_idx);
511 #endif
512 return NULL;
513 }
514
515 void cc_reset_pending(struct s_client *cl, int32_t ecm_idx)
516 {
517 int32_t i = 0;
518 for(i = 0; i < cfg.max_pending; i++)
519 {
520 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
521 { cl->ecmtask[i].rc = E_UNHANDLED; } //Mark unused
522 }
523 }
524
525 void free_extended_ecm_idx_by_card(struct s_client *cl, struct cc_card *card, int8_t null_only)
526 {
527 struct cc_data *cc = cl->cc;
528 struct cc_extended_ecm_idx *eei;
529 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
530 while((eei = ll_iter_next(&it)))
531 {
532 if(eei->card == card)
533 {
534 if(null_only)
535 {
536 cc_reset_pending(cl, eei->ecm_idx);
537 if(eei->free_card)
538 { NULLFREE(eei->card); }
539 ll_iter_remove_data(&it);
540 }
541 else
542 {
543 if(eei->free_card)
544 { NULLFREE(eei->card); }
545 eei->card = NULL;
546 }
547 }
548 }
549 }
550
551 void free_extended_ecm_idx(struct cc_data *cc)
552 {
553 struct cc_extended_ecm_idx *eei;
554 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
555 while((eei = ll_iter_next(&it)))
556 {
557 if(eei->free_card)
558 { NULLFREE(eei->card); }
559 ll_iter_remove_data(&it);
560 }
561 }
562
563 int32_t cc_recv_to(struct s_client *cl, uint8_t *buf, int32_t len)
564 {
565 int32_t rc;
566 struct pollfd pfd;
567
568 while(1)
569 {
570 pfd.fd = cl->udp_fd;
571 pfd.events = POLLIN | POLLPRI;
572
573 rc = poll(&pfd, 1, cfg.cc_recv_timeout);
574
575 if(rc < 0)
576 {
577 if(errno == EINTR) { continue; }
578 return (-1); //error!!
579 }
580
581 if(rc == 1)
582 {
583 if(pfd.revents & POLLHUP)
584 { return (-1); } //hangup = error!!
585 else
586 { break; }
587 }
588 else
589 { return (-2); } //timeout!!
590 }
591 return cs_recv(cl->udp_fd, buf, len, MSG_WAITALL);
592 }
593
594 /**
595 * reader
596 * closes the connection and reopens it.
597 */
598 static int8_t cc_cycle_connection(struct s_client *cl)
599 {
600 if(!cl || cl->kill)
601 { return 0; }
602
603 cs_log_dbg(D_TRACE, "%s unlocked-cycleconnection! timeout %d ms",
604 getprefix(), cl->reader->cc_reconnect);
605
606 cc_cli_close(cl, 0);
607 cs_sleepms(50);
608 cc_cli_connect(cl);
609
610 return cl->reader->tcp_connected;
611 }
612
613 /**
614 * reader+server:
615 * receive a message
616 */
617 int32_t cc_msg_recv(struct s_client *cl, uint8_t *buf, int32_t maxlen)
618 {
619 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
620
621 int32_t len;
622 struct cc_data *cc = cl->cc;
623
624 int32_t handle = cl->udp_fd;
625
626 if(handle <= 0 || maxlen < 4)
627 { return -1; }
628
629 if(!cl->cc) { return -1; }
630 cs_writelock(__func__, &cc->lockcmd);
631 if(!cl->cc)
632 {
633 cs_writeunlock(__func__, &cc->lockcmd);
634 return -1;
635 }
636
637 len = cs_recv(handle, buf, 4, MSG_WAITALL);
638
639 if(len != 4) // invalid header length read
640 {
641 if(len <= 0)
642 { cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote server", getprefix()); }
643 else
644 { cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid header length (expected 4, read %d)", getprefix(), len); }
645 cs_writeunlock(__func__, &cc->lockcmd);
646 return -1;
647 }
648
649 cc_crypt(&cc->block[DECRYPT], buf, 4, DECRYPT);
650 //cs_log_dump_dbg(D_CLIENT, buf, 4, "cccam: decrypted header:");
651
652 cc->g_flag = buf[0];
653
654 int32_t size = (buf[2] << 8) | buf[3];
655 if(size) // check if any data is expected in msg
656 {
657 if(size > maxlen)
658 {
659 cs_writeunlock(__func__, &cc->lockcmd);
660 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s message too big (size=%d max=%d)", getprefix(), size, maxlen);
661 return 0;
662 }
663
664 len = cs_recv(handle, buf + 4, size, MSG_WAITALL);
665 if(rdr && buf[1] == MSG_CW_ECM)
666 { rdr->last_g = time(NULL); }
667
668 if(len != size)
669 {
670 cs_writeunlock(__func__, &cc->lockcmd);
671 if(len <= 0)
672 { cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote", getprefix()); }
673 else
674 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid message length read (expected %d, read %d)",
675 getprefix(), size, len);
676 return -1;
677 }
678
679 cc_crypt(&cc->block[DECRYPT], buf + 4, len, DECRYPT);
680 len += 4;
681 }
682
683 cs_writeunlock(__func__, &cc->lockcmd);
684
685 //cs_log_dump_dbg(cl->typ=='c'?D_CLIENT:D_READER, buf, len, "cccam: full decrypted msg, len=%d:", len);
686
687 return len;
688 }
689
690 /**
691 * reader+server
692 * send a message
693 */
694 int32_t cc_cmd_send(struct s_client *cl, uint8_t *buf, int32_t len, cc_msg_type_t cmd)
695 {
696 if(!cl->udp_fd) //disconnected
697 { return -1; }
698
699 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
700
701 int32_t n;
702 struct cc_data *cc = cl->cc;
703
704 if(!cl->cc || cl->kill) { return -1; }
705 cs_writelock(__func__, &cc->lockcmd);
706 if(!cl->cc || cl->kill)
707 {
708 cs_writeunlock(__func__, &cc->lockcmd);
709 return -1;
710 }
711
712 uint8_t *netbuf;
713 if(!cs_malloc(&netbuf, len + 4))
714 { return -1; }
715
716 if(cmd == MSG_NO_HEADER)
717 {
718 memcpy(netbuf, buf, len);
719 }
720 else
721 {
722 // build command message
723 netbuf[0] = cc->g_flag; // flags??
724 netbuf[1] = cmd & 0xff;
725 netbuf[2] = len >> 8;
726 netbuf[3] = len & 0xff;
727 if(buf)
728 { memcpy(netbuf + 4, buf, len); }
729 len += 4;
730 }
731
732 cs_log_dump_dbg(D_CLIENT, netbuf, len, "cccam: send:");
733 cc_crypt(&cc->block[ENCRYPT], netbuf, len, ENCRYPT);
734
735 n = send(cl->udp_fd, netbuf, len, 0);
736
737 cs_writeunlock(__func__, &cc->lockcmd);
738
739 NULLFREE(netbuf);
740
741 if(n != len)
742 {
743 if(rdr)
744 { cc_cli_close(cl, 1); }
745 else
746 {
747 cs_writeunlock(__func__, &cc->cards_busy);
748 cs_disconnect_client(cl);
749 }
750 n = -1;
751 }
752
753 return n;
754 }
755
756 #define CC_DEFAULT_VERSION 9
757 #define CC_VERSIONS 10
758 static char *version[CC_VERSIONS] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "2.3.0", "2.3.1", "2.3.2"};
759 static char *build[CC_VERSIONS] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "3367", "9d508a", "4000"};
760 static char extcompat[CC_VERSIONS] = { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; //Supporting new card format starting with 2.2.0
761
762 /**
763 * reader+server
764 * checks the cccam-version in the configuration
765 */
766 void cc_check_version(char *cc_version, char *cc_build)
767 {
768 int32_t i;
769 for(i = 0; i < CC_VERSIONS; i++)
770 {
771 if(!memcmp(cc_version, version[i], strlen(version[i])))
772 {
773 memcpy(cc_build, build[i], strlen(build[i]) + 1);
774 cs_log_dbg(D_CLIENT, "cccam: auto build set for version: %s build: %s",
775 cc_version, cc_build);
776 return;
777 }
778 }
779 memcpy(cc_version, version[CC_DEFAULT_VERSION], strlen(
780 version[CC_DEFAULT_VERSION]));
781 memcpy(cc_build, build[CC_DEFAULT_VERSION], strlen(
782 build[CC_DEFAULT_VERSION]));
783
784 cs_log_dbg(D_CLIENT, "cccam: auto version set: %s build: %s", cc_version, cc_build);
785
786 return;
787 }
788
789 int32_t check_cccam_compat(struct cc_data *cc)
790 {
791 int32_t res = 0;
792 int32_t i = 0;
793 for(i = 0; i < CC_VERSIONS; i++)
794 {
795 if(!strcmp(cfg.cc_version, version[i]))
796 {
797 res += extcompat[i];
798 break;
799 }
800 }
801 if(!res)
802 { return 0; }
803
804 for(i = 0; i < CC_VERSIONS; i++)
805 {
806 if(!strcmp(cc->remote_version, version[i]))
807 {
808 res += extcompat[i];
809 break;
810 }
811 }
812 return res == 2;
813 }
814
815
816 /**
817 * reader
818 * sends own version information to the CCCam server
819 */
820 int32_t cc_send_cli_data(struct s_client *cl)
821 {
822 struct s_reader *rdr = cl->reader;
823 struct cc_data *cc = cl->cc;
824 const int32_t size = 20 + 8 + 6 + 26 + 4 + 28 + 1;
825 uint8_t buf[size];
826
827 cs_log_dbg(D_READER, "cccam: send client data");
828
829 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
830
831 memcpy(buf, rdr->r_usr, sizeof(rdr->r_usr));
832 memcpy(buf + 20, cc->node_id, 8);
833 buf[28] = rdr->cc_want_emu; // <-- Client want to have EMUs, 0 - NO; 1 - YES
834 memcpy(buf + 29, rdr->cc_version, sizeof(rdr->cc_version)); // cccam version (ascii)
835 memcpy(buf + 61, rdr->cc_build, sizeof(rdr->cc_build)); // build number (ascii)
836
837 //multics seed already detected, now send multics 'WHO' for getting and confirming multics server
838 if (cc->multics_mode == 1)
839 {
840 memcpy(buf + 57, "W", 1);
841 memcpy(buf + 58, "H", 1);
842 memcpy(buf + 59, "O", 1);
843 }
844
845 cs_log_dbg(D_READER, "%s sending own version: %s, build: %s", getprefix(),
846 rdr->cc_version, rdr->cc_build);
847
848 return cc_cmd_send(cl, buf, size, MSG_CLI_DATA);
849 }
850
851 /**
852 * server
853 * sends version information to the client
854 */
855 int32_t cc_send_srv_data(struct s_client *cl)
856 {
857 struct cc_data *cc = cl->cc;
858
859 cs_log_dbg(D_CLIENT, "cccam: send server data");
860
861 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
862
863 uint8_t buf[0x48];
864 memset(buf, 0, 0x48);
865
866 int32_t stealth = cl->account->cccstealth;
867 if(stealth == -1)
868 { stealth = cfg.cc_stealth; }
869 if(stealth) { cc->node_id[7]++; }
870
871 memcpy(buf, cc->node_id, 8);
872
873 char cc_build[7], tmp_dbg[17];
874 memset(cc_build, 0, sizeof(cc_build));
875 cc_check_version((char *) cfg.cc_version, cc_build);
876 memcpy(buf + 8, cfg.cc_version, sizeof(cfg.cc_version)); // cccam version (ascii)
877 memcpy(buf + 40, cc_build, sizeof(cc_build)); // build number (ascii)
878
879 cs_log_dbg(D_CLIENT, "%s version: %s, build: %s nodeid: %s", getprefix(),
880 cfg.cc_version, cc_build, cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)));
881
882 return cc_cmd_send(cl, buf, 0x48, MSG_SRV_DATA);
883 }
884
885 int32_t loop_check(uint8_t *myid, struct s_client *cl)
886 {
887 if(!cl)
888 { return 0; }
889
890 struct cc_data *cc = cl->cc;
891 if(!cc)
892 { return 0; }
893
894 return !memcmp(myid, cc->peer_node_id, sizeof(cc->peer_node_id)); // same nodeid? ignore
895 }
896
897 /**
898 * reader
899 * retrieves the next waiting ecm request
900 */
901 int32_t cc_get_nxt_ecm(struct s_client *cl)
902 {
903 struct cc_data *cc = cl->cc;
904 ECM_REQUEST *er, *ern = NULL;
905 int32_t n, i, pending = 0;
906 struct timeb t;
907
908 cs_ftime(&t);
909 int32_t diff = (int32_t)cfg.ctimeout + 500;
910
911 n = -1;
912 for(i = 0; i < cfg.max_pending; i++)
913 {
914 er = &cl->ecmtask[i];
915 if((comp_timeb(&t, &er->tps) >= diff) && (er->rc >= E_NOCARD)) // drop timeouts
916 {
917 write_ecm_answer(cl->reader, er, E_TIMEOUT, 0, NULL, NULL, 0, NULL);
918 }
919
920 else if(er->rc >= E_NOCARD && er->rc <= E_UNHANDLED) // stil active and waiting
921 {
922 pending++;
923 if(loop_check(cc->peer_node_id, er->client))
924 {
925 cs_log_dbg(D_READER, "%s ecm loop detected! client %s (%8lX)",
926 getprefix(), er->client->account->usr, (unsigned long)er->client->thread);
927 write_ecm_answer(cl->reader, er, E_NOTFOUND, E2_CCCAM_LOOP, NULL, NULL, 0, NULL);
928 }
929 else
930 // search for the ecm with the lowest time, this should be the next to go
931 if(n < 0 || (ern->tps.time - er->tps.time < 0))
932 {
933
934 //check for already pending:
935 if(cc && cc->extended_mode)
936 {
937 int32_t j, found;
938 ECM_REQUEST *erx;
939 for(found = j = 0; j < cfg.max_pending; j++)
940 {
941 erx = &cl->ecmtask[j];
942 if(i != j && erx->rc == E_ALREADY_SENT &&
943 er->caid == erx->caid &&
944 er->ecmd5 == erx->ecmd5)
945 {
946 found = 1;
947 break;
948 }
949 }
950 if(!found)
951 {
952 n = i;
953 ern = er;
954 }
955 }
956 else
957 {
958 n = i;
959 ern = er;
960 }
961 }
962 }
963 }
964 cl->pending = pending;
965 return n;
966 }
967
968 /**
969 * sends the secret cmd05 answer to the server
970 */
971 int32_t send_cmd05_answer(struct s_client *cl)
972 {
973 struct cc_data *cc = cl->cc;
974 if(!cc->cmd05_active || cc->ecm_busy) //exit if not in cmd05 or waiting for ECM answer
975 { return 0; }
976
977 cc->cmd05_active--;
978 if(cc->cmd05_active)
979 { return 0; }
980
981 uint8_t *data = cc->cmd05_data;
982 cc_cmd05_mode cmd05_mode = MODE_UNKNOWN;
983
984 // by Project:Keynation
985 switch(cc->cmd05_data_len)
986 {
987 case 0: //payload 0, return with payload 0!
988 {
989 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
990 cmd05_mode = MODE_LEN0;
991 break;
992 }
993 case 256:
994 {
995 cmd05_mode = cc->cmd05_mode;
996 switch(cmd05_mode)
997 {
998 case MODE_PLAIN: //Send plain unencrypted back
999 {
1000 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1001 break;
1002 }
1003 case MODE_AES: //encrypt with received aes128 key:
1004 {
1005 AES_KEY key;
1006 uint8_t aeskey[16];
1007 uint8_t out[256];
1008
1009 memcpy(aeskey, cc->cmd05_aeskey, 16);
1010 memset(&key, 0, sizeof(key));
1011
1012 AES_set_encrypt_key((unsigned char *) &aeskey, 128, &key);
1013 int32_t i;
1014 for(i = 0; i < 256; i += 16)
1015 AES_encrypt((unsigned char *) data + i, (unsigned char *) &out
1016 + i, &key);
1017
1018 cc_cmd_send(cl, out, 256, MSG_CMD_05);
1019 break;
1020 }
1021 case MODE_CC_CRYPT: //encrypt with cc_crypt:
1022 {
1023 cc_crypt(&cc->cmd05_cryptkey, data, 256, ENCRYPT);
1024 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1025 break;
1026 }
1027 case MODE_RC4_CRYPT: //special xor crypt:
1028 {
1029 cc_rc4_crypt(&cc->cmd05_cryptkey, data, 256, DECRYPT);
1030 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1031 break;
1032 }
1033 default:
1034 cmd05_mode = MODE_UNKNOWN;
1035 }
1036 break;
1037 }
1038 default:
1039 cmd05_mode = MODE_UNKNOWN;
1040 }
1041
1042 //unhandled types always needs cycle connection after 50 ECMs!!
1043 if(cmd05_mode == MODE_UNKNOWN)
1044 {
1045 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
1046 if(!cc->max_ecms) //max_ecms already set?
1047 {
1048 cc->max_ecms = 50;
1049 cc->ecm_counter = 0;
1050 }
1051 }
1052 cs_log_dbg(D_READER, "%s sending CMD_05 back! MODE: %s len=%d",
1053 getprefix(), cmd05_mode_name[cmd05_mode], cc->cmd05_data_len);
1054
1055 cc->cmd05NOK = 1;
1056 return 1;
1057 }
1058
1059 int32_t get_UA_ofs(uint16_t caid)
1060 {
1061 int32_t ofs = 0;
1062 switch(caid >> 8)
1063 {
1064 case 0x05: //VIACCESS:
1065 case 0x0D: //CRYPTOWORKS:
1066 // ofs = 1;
1067 // break;
1068 case 0x4B: //TONGFANG:
1069 case 0x09: //VIDEOGUARD:
1070 case 0x0B: //CONAX:
1071 case 0x18: //NAGRA:
1072 case 0x01: //SECA:
1073 case 0x00: //SECAMANAGMENT:
1074 case 0x17: //BETACRYPT
1075 case 0x06: //IRDETO:
1076 ofs = 2;
1077 break;
1078 }
1079
1080 return ofs;
1081 }
1082
1083 int32_t UA_len(uint8_t *ua)
1084 {
1085 int32_t i, len = 0;
1086 for(i = 0; i < 8; i++)
1087 if(ua[i]) { len++; }
1088 return len;
1089 }
1090 void UA_left(uint8_t *in, uint8_t *out, int32_t ofs)
1091 {
1092 memset(out, 0, 8);
1093 memcpy(out, in + ofs, 8 - ofs);
1094 }
1095
1096 void UA_right(uint8_t *in, uint8_t *out, int32_t len)
1097 {
1098 int32_t ofs = 0;
1099 while(len)
1100 {
1101 memcpy(out + ofs, in, len);
1102 len--;
1103 if(out[len]) { break; }
1104 ofs++;
1105 out[0] = 0;
1106 }
1107 }
1108
1109 /**
1110 * cccam uses UA right justified
1111 **/
1112 void cc_UA_oscam2cccam(uint8_t *in, uint8_t *out, uint16_t caid)
1113 {
1114 uint8_t tmp[8];
1115 memset(out, 0, 8);
1116 memset(tmp, 0, 8);
1117 //switch (caid>>8) {
1118 // case 0x17: //IRDETO/Betacrypt:
1119 // //oscam: AA BB CC DD 00 00 00 00
1120 // //cccam: 00 00 00 00 DD AA BB CC
1121 // out[4] = in[3]; //Hexbase
1122 // out[5] = in[0];
1123 // out[6] = in[1];
1124 // out[7] = in[2];
1125 // return;
1126 //
1127 // //Place here your own adjustments!
1128 //}
1129
1130 if (caid_is_bulcrypt(caid)) {
1131 out[4] = in[0];
1132 out[5] = in[1];
1133 out[6] = in[2];
1134 out[7] = in[3];
1135 return;
1136 }
1137
1138 hexserial_to_newcamd(in, tmp + 2, caid);
1139 UA_right(tmp, out, 8);
1140 }
1141
1142 /**
1143 * oscam has a special format, depends on offset or type:
1144 **/
1145 void cc_UA_cccam2oscam(uint8_t *in, uint8_t *out, uint16_t caid)
1146 {
1147 uint8_t tmp[8];
1148 memset(out, 0, 8);
1149 memset(tmp, 0, 8);
1150 //switch(caid>>8) {
1151 // case 0x17: //IRDETO/Betacrypt:
1152 // //cccam: 00 00 00 00 DD AA BB CC
1153 // //oscam: AA BB CC DD 00 00 00 00
1154 // out[0] = in[5];
1155 // out[1] = in[6];
1156 // out[2] = in[7];
1157 // out[3] = in[4]; //Hexbase
1158 // return;
1159
1160 // //Place here your own adjustments!
1161 //}
1162
1163 if (caid_is_bulcrypt(caid)) {
1164 out[0] = in[4];
1165 out[1] = in[5];
1166 out[2] = in[6];
1167 out[3] = in[7];
1168 return;
1169 }
1170
1171 int32_t ofs = get_UA_ofs(caid);
1172 UA_left(in, tmp, ofs);
1173 newcamd_to_hexserial(tmp, out, caid);
1174 }
1175
1176 void cc_SA_oscam2cccam(uint8_t *in, uint8_t *out)
1177 {
1178 memcpy(out, in, 4);
1179 }
1180
1181 void cc_SA_cccam2oscam(uint8_t *in, uint8_t *out)
1182 {
1183 memcpy(out, in, 4);
1184 }
1185
1186 int32_t cc_UA_valid(uint8_t *ua)
1187 {
1188 int32_t i;
1189 for(i = 0; i < 8; i++)
1190 if(ua[i])
1191 { return 1; }
1192 return 0;
1193 }
1194
1195 /**
1196 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
1197 */
1198 void set_au_data(struct s_client *cl, struct s_reader *rdr, struct cc_card *card, ECM_REQUEST *cur_er)
1199 {
1200 if(rdr->audisabled || !cc_UA_valid(card->hexserial))
1201 { return; }
1202
1203 struct cc_data *cc = cl->cc;
1204 char tmp_dbg[17];
1205 cc->last_emm_card = card;
1206
1207 cc_UA_cccam2oscam(card->hexserial, rdr->hexserial, rdr->caid);
1208
1209 cs_log_dbg(D_EMM,
1210 "%s au info: caid %04X UA: %s",
1211 getprefix(), card->caid, cs_hexdump(0, rdr->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
1212
1213 rdr->nprov = 0;
1214 LL_ITER it2 = ll_iter_create(card->providers);
1215 struct cc_provider *provider;
1216 int32_t p = 0;
1217 while((provider = ll_iter_next(&it2)))
1218 {
1219 if(!cur_er || provider->prov == cur_er->prid || !provider->prov || !cur_er->prid)
1220 {
1221 rdr->prid[p][0] = provider->prov >> 24;
1222 rdr->prid[p][1] = provider->prov >> 16;
1223 rdr->prid[p][2] = provider->prov >> 8;
1224 rdr->prid[p][3] = provider->prov & 0xFF;
1225 cc_SA_cccam2oscam(provider->sa, rdr->sa[p]);
1226
1227 cs_log_dbg(D_EMM, "%s au info: provider: %06X:%02X%02X%02X%02X", getprefix(),
1228 provider->prov,
1229 provider->sa[0], provider->sa[1], provider->sa[2], provider->sa[3]);
1230
1231 p++;
1232 rdr->nprov = p;
1233 if(p >= CS_MAXPROV) { break; }
1234 }
1235 }
1236
1237 if(!rdr->nprov) //No Providers? Add null-provider:
1238 {
1239 memset(rdr->prid[0], 0, sizeof(rdr->prid[0]));
1240 rdr->nprov = 1;
1241 }
1242
1243 rdr->caid = card->caid;
1244 if (cur_er)
1245 rdr->auprovid = cur_er->prid;
1246 }
1247
1248 int32_t same_first_node(struct cc_card *card1, struct cc_card *card2)
1249 {
1250 uint8_t *node1 = ll_has_elements(card1->remote_nodes);
1251 uint8_t *node2 = ll_has_elements(card2->remote_nodes);
1252
1253 if(!node1 && !node2) { return 1; } //both NULL, same!
1254
1255 if(!node1 || !node2) { return 0; } //one NULL, not same!
1256
1257 return !memcmp(node1, node2, 8); //same?
1258 }
1259
1260 int32_t same_card2(struct cc_card *card1, struct cc_card *card2, int8_t compare_grp)
1261 {
1262 return (card1->caid == card2->caid &&
1263 card1->card_type == card2->card_type &&
1264 card1->sidtab == card2->sidtab &&
1265 (!compare_grp || card1->grp == card2->grp) &&
1266 !memcmp(card1->hexserial, card2->hexserial, sizeof(card1->hexserial)));
1267 }
1268
1269 int32_t same_card(struct cc_card *card1, struct cc_card *card2)
1270 {
1271 return (card1->remote_id == card2->remote_id &&
1272 same_card2(card1, card2, 1) &&
1273 same_first_node(card1, card2));
1274 }
1275
1276 struct cc_card *get_matching_card(struct s_client *cl, ECM_REQUEST *cur_er, int8_t chk_only)
1277 {
1278 struct cc_data *cc = cl->cc;
1279 struct s_reader *rdr = cl->reader;
1280 if(cl->kill || !rdr || !cc)
1281 { return NULL; }
1282
1283 struct cc_srvid cur_srvid;
1284 cur_srvid.sid = cur_er->srvid;
1285 cur_srvid.chid = cur_er->chid;
1286 cur_srvid.ecmlen = cur_er->ecmlen;
1287
1288 int32_t best_rating = MIN_RATING - 1, rating;
1289
1290 LL_ITER it = ll_iter_create(cc->cards);
1291 struct cc_card *card = NULL, *ncard, *xcard = NULL;
1292 while((ncard = ll_iter_next(&it)))
1293 {
1294 int lb_match = 0;
1295 if (config_enabled(WITH_LB)) {
1296 //accept beta card when beta-tunnel is on
1297 lb_match = chk_only && cfg.lb_mode && cfg.lb_auto_betatunnel &&
1298 (
1299 (caid_is_nagra(cur_er->caid) && caid_is_betacrypt(ncard->caid) && cfg.lb_auto_betatunnel_mode <= 3) ||
1300 (caid_is_betacrypt(cur_er->caid) && caid_is_nagra(ncard->caid) && cfg.lb_auto_betatunnel_mode >= 1)
1301 );
1302 }
1303
1304 if((ncard->caid == cur_er->caid // caid matches
1305 || (rdr->cc_want_emu && (ncard->caid == (cur_er->caid & 0xFF00))))
1306 // or system matches if caid ends with 00
1307 // needed for wantemu
1308 || lb_match
1309 )
1310 {
1311 int32_t goodSidCount = ll_count(ncard->goodsids);
1312 int32_t badSidCount = ll_count(ncard->badsids);
1313 struct cc_srvid *good_sid;
1314 struct cc_srvid_block *blocked_sid;
1315
1316 // only good sids -> check if sid is good
1317 if(goodSidCount && !badSidCount)
1318 {
1319 good_sid = is_good_sid(ncard, &cur_srvid);
1320 if(!good_sid)
1321 { continue; }
1322 }
1323 // only bad sids -> check if sid is bad
1324 else if(!goodSidCount && badSidCount)
1325 {
1326 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1327 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1328 { continue; }
1329 }
1330 // bad and good sids -> check not blocked and good
1331 else if (goodSidCount && badSidCount)
1332 {
1333 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1334 good_sid = is_good_sid(ncard, &cur_srvid);
1335
1336 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1337 { continue; }
1338 if(!good_sid)
1339 { continue; }
1340 }
1341
1342
1343 if(!(rdr->cc_want_emu) && caid_is_nagra(ncard->caid) && (!xcard || ncard->hop < xcard->hop))
1344 { xcard = ncard; } //remember card (D+ / 1810 fix) if request has no provider, but card has
1345
1346 rating = ncard->rating - ncard->hop * HOP_RATING;
1347 if(rating < MIN_RATING)
1348 { rating = MIN_RATING; }
1349 else if(rating > MAX_RATING)
1350 { rating = MAX_RATING; }
1351
1352 if(!ll_count(ncard->providers)) //card has no providers:
1353 {
1354 if(rating > best_rating)
1355 {
1356 // ncard is closer
1357 card = ncard;
1358 best_rating = rating; // ncard has been matched
1359 }
1360
1361 }
1362 else //card has providers
1363 {
1364 LL_ITER it2 = ll_iter_create(ncard->providers);
1365 struct cc_provider *provider;
1366 while((provider = ll_iter_next(&it2)))
1367 {
1368 if(!cur_er->prid || (provider->prov == cur_er->prid)) // provid matches
1369 {
1370 if(rating > best_rating)
1371 {
1372 // ncard is closer
1373 card = ncard;
1374 best_rating = rating; // ncard has been matched
1375 }
1376 }
1377 }
1378 }
1379 }
1380 }
1381 if(!card)
1382 { card = xcard; } //18xx: if request has no provider and we have no card, we try this card
1383
1384 return card;
1385 }
1386
1387 //reopen all blocked sids for this srvid:
1388 static void reopen_sids(struct cc_data *cc, int8_t ignore_time, ECM_REQUEST *cur_er, struct cc_srvid *cur_srvid)
1389 {
1390 time_t utime = time(NULL);
1391 struct cc_card *card;
1392 LL_ITER it = ll_iter_create(cc->cards);
1393 while((card = ll_iter_next(&it)))
1394 {
1395 if(card->caid == cur_er->caid) // caid matches
1396 {
1397 LL_ITER it2 = ll_iter_create(card->badsids);
1398 struct cc_srvid_block *srvid;
1399 while((srvid = ll_iter_next(&it2)))
1400 if(srvid->blocked_till > 0 && sid_eq((struct cc_srvid *)srvid, cur_srvid))
1401 {
1402 if(ignore_time || srvid->blocked_till <= utime)
1403 { ll_iter_remove_data(&it2); }
1404 }
1405 }
1406 }
1407
1408 }
1409
1410 static int8_t cc_request_timeout(struct s_client *cl)
1411 {
1412 struct s_reader *rdr = cl->reader;
1413 struct cc_data *cc = cl->cc;
1414 struct timeb timeout;
1415 struct timeb cur_time;
1416
1417 if(!cc || !cc->ecm_busy)
1418 { return 0; }
1419
1420 cs_ftime(&cur_time);
1421
1422 timeout = cc->ecm_time;
1423 int32_t tt = rdr->cc_reconnect;
1424 if(tt <= 0)
1425 { tt = DEFAULT_CC_RECONNECT; }
1426
1427 add_ms_to_timeb(&timeout, tt);
1428 return (comp_timeb(&cur_time, &timeout) >= 0);
1429 }
1430
1431 /**
1432 * reader
1433 * sends a ecm request to the connected CCCam Server
1434 */
1435 int32_t cc_send_ecm(struct s_client *cl, ECM_REQUEST *er)
1436 {
1437 struct s_reader *rdr = cl->reader;
1438
1439 //cs_log_dbg(D_TRACE, "%s cc_send_ecm", getprefix());
1440 if(!rdr->tcp_connected)
1441 { cc_cli_connect(cl); }
1442
1443 int32_t n;
1444 struct cc_data *cc = cl->cc;
1445 struct cc_card *card = NULL;
1446 LL_ITER it;
1447 ECM_REQUEST *cur_er;
1448 struct timeb cur_time;
1449 cs_ftime(&cur_time);
1450
1451 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
1452 {
1453 if(er)
1454 {
1455 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d",
1456 rdr->label, cc ? 1 : 0, cl->pfd);
1457 write_ecm_answer(rdr, er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1458 }
1459 //cc_cli_close(cl);
1460 return 0;
1461 }
1462
1463 if(rdr->tcp_connected != 2)
1464 {
1465 cs_log_dbg(D_READER, "%s Waiting for CARDS", getprefix());
1466 return 0;
1467 }
1468
1469 //No Card? Waiting for shares
1470 if(!ll_has_elements(cc->cards))
1471 {
1472 cs_log_dbg(D_READER, "%s NO CARDS!", getprefix());
1473 return 0;
1474 }
1475
1476 cc->just_logged_in = 0;
1477
1478 if(!cc->extended_mode)
1479 {
1480 //Without extended mode, only one ecm at a time could be send
1481 //this is a limitation of "O" CCCam
1482 if(cc->ecm_busy > 0) //Unlock by NOK or ECM ACK
1483 {
1484 cs_log_dbg(D_READER,
1485 "%s ecm trylock: ecm busy, retrying later after msg-receive",
1486 getprefix());
1487
1488 if(!cc_request_timeout(cl))
1489 { return 0; } //pending send...
1490 if(!cc_cycle_connection(cl))
1491 { return 0; }
1492 }
1493 cc->ecm_busy = 1;
1494 cs_log_dbg(D_READER, "cccam: ecm trylock: got lock");
1495 }
1496 int32_t processed_ecms = 0;
1497 do
1498 {
1499 cc->ecm_time = cur_time;
1500
1501 //Search next ECM to send:
1502 if((n = cc_get_nxt_ecm(cl)) < 0)
1503 {
1504 if(!cc->extended_mode)
1505 {
1506 cc->ecm_busy = 0;
1507 }
1508 cs_log_dbg(D_READER, "%s no ecm pending!", getprefix());
1509 if(!cc_send_pending_emms(cl))
1510 { send_cmd05_answer(cl); }
1511 return 0; // no queued ecms
1512 }
1513 cur_er = &cl->ecmtask[n];
1514 cur_er->rc = E_ALREADY_SENT; //mark ECM as already send
1515 cs_log_dbg(D_READER, "cccam: ecm-task %d", cur_er->idx);
1516
1517 //sleepsend support:
1518 static const char *typtext[] = { "ok", "invalid", "sleeping" };
1519
1520 if(cc->sleepsend && cl->stopped)
1521 {
1522 if(cur_er->srvid == cl->lastsrvid && cur_er->caid == cl->lastcaid
1523 && cur_er->pid == cl->lastpid)
1524 {
1525 cs_log(
1526 "%s is stopped - requested by server (%s)", cl->reader->label, typtext[cl->stopped]);
1527 if(!cc->extended_mode)
1528 {
1529 cc->ecm_busy = 0;
1530 }
1531 write_ecm_answer(rdr, cur_er, E_STOPPED, 0, NULL, NULL, 0, NULL);
1532 return 0;
1533 }
1534 else
1535 {
1536 cl->stopped = 0;
1537 }
1538 }
1539
1540 cl->lastsrvid = cur_er->srvid;
1541 cl->lastcaid = cur_er->caid;
1542 cl->lastpid = cur_er->pid;
1543 //sleepsend support end
1544
1545 struct cc_srvid cur_srvid;
1546 cur_srvid.sid = cur_er->srvid;
1547 cur_srvid.chid = cur_er->chid;
1548 cur_srvid.ecmlen = cur_er->ecmlen;
1549
1550 cs_readlock(__func__, &cc->cards_busy);
1551
1552 //forward_origin:
1553 if(cfg.cc_forward_origin_card && cur_er->origin_reader == rdr
1554 && cur_er->origin_card)
1555 {
1556 it = ll_iter_create(cc->cards);
1557 struct cc_card *ncard;
1558 while((ncard = ll_iter_next(&it)))
1559 {
1560 if(ncard == cur_er->origin_card) //Search the origin card
1561 {
1562 card = ncard; //found it, use it!
1563 break;
1564 }
1565 }
1566 }
1567
1568 if(!card)
1569 {
1570 reopen_sids(cc, 0, cur_er, &cur_srvid);
1571 card = get_matching_card(cl, cur_er, 0);
1572 }
1573
1574 if(!card && has_srvid(rdr->client, cur_er))
1575 {
1576 reopen_sids(cc, 1, cur_er, &cur_srvid);
1577 card = get_matching_card(cl, cur_er, 0);
1578 }
1579
1580 if(card)
1581 {
1582 uint8_t *ecmbuf;
1583 if(!cs_malloc(&ecmbuf, cur_er->ecmlen + 13))
1584 { break; }
1585
1586 // build ecm message
1587 ecmbuf[0] = cur_er->caid >> 8;
1588 ecmbuf[1] = cur_er->caid & 0xff;
1589 ecmbuf[2] = cur_er->prid >> 24;
1590 ecmbuf[3] = cur_er->prid >> 16;
1591 ecmbuf[4] = cur_er->prid >> 8;
1592 ecmbuf[5] = cur_er->prid & 0xff;
1593 ecmbuf[6] = card->id >> 24;
1594 ecmbuf[7] = card->id >> 16;
1595 ecmbuf[8] = card->id >> 8;
1596 ecmbuf[9] = card->id & 0xff;
1597 ecmbuf[10] = cur_er->srvid >> 8;
1598 ecmbuf[11] = cur_er->srvid & 0xff;
1599 ecmbuf[12] = cur_er->ecmlen & 0xff;
1600 memcpy(ecmbuf + 13, cur_er->ecm, cur_er->ecmlen);
1601
1602 uint8_t send_idx = 1;
1603 if(cc->extended_mode)
1604 {
1605 cc->server_ecm_idx++;
1606 if(cc->server_ecm_idx >= 256)
1607 { cc->server_ecm_idx = 1; }
1608 cc->g_flag = cc->server_ecm_idx; //Flag is used as index!
1609 send_idx = cc->g_flag;
1610 }
1611
1612 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, send_idx, 0);
1613 if(eei)
1614 {
1615 eei->ecm_idx = cur_er->idx;
1616 eei->card = card;
1617 eei->cccam_id = card->id;
1618 eei->srvid = cur_srvid;
1619 }
1620 else
1621 {
1622 eei = add_extended_ecm_idx(cl, send_idx, cur_er->idx, card, cur_srvid, 0);
1623 if(!eei)
1624 {
1625 NULLFREE(ecmbuf);
1626 cs_readunlock(__func__, &cc->cards_busy);
1627 break;
1628 }
1629 }
1630 eei->tps = cur_er->tps;
1631
1632 rdr->currenthops = card->hop;
1633 rdr->card_status = CARD_INSERTED;
1634
1635 cs_log_dbg(
1636 D_READER,
1637 "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d", getprefix(), cur_er->srvid, cur_er->ecmlen, card->id, card->hop, cur_er->idx);
1638 cl->reader->last_s = time(NULL);
1639 cc_cmd_send(cl, ecmbuf, cur_er->ecmlen + 13, MSG_CW_ECM); // send ecm
1640
1641 NULLFREE(ecmbuf);
1642
1643 //For EMM
1644 set_au_data(cl, rdr, card, cur_er);
1645 cs_readunlock(__func__, &cc->cards_busy);
1646
1647 processed_ecms++;
1648 if(cc->extended_mode)
1649 { continue; } //process next pending ecm!
1650 return 0;
1651 }
1652 else
1653 {
1654 //When connecting, it could happen than ecm requests come before all cards are received.
1655 //So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1656 //if this happens, we do not autoblock it and do not set rc status
1657 //So fallback could resolve it
1658 if(cc->last_msg != MSG_NEW_CARD
1659 && cc->last_msg != MSG_NEW_CARD_SIDINFO
1660 && cc->last_msg != MSG_CARD_REMOVED
1661 && !cc->just_logged_in)
1662 {
1663 cs_log_dbg(D_READER,
1664 "%s no suitable card on server", getprefix());
1665
1666 write_ecm_answer(rdr, cur_er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1667
1668 //cur_er->rc = 1;
1669 //cur_er->rcEx = 0;
1670 //cs_sleepms(300);
1671 rdr->last_s = rdr->last_g;
1672
1673 reopen_sids(cc, 0, cur_er, &cur_srvid);
1674 }
1675 else
1676 {
1677 //We didn't find a card and the last message was MSG_CARD_REMOVED - so we wait for a new card and process die ecm later
1678 cur_er->rc = E_WAITING; //mark as waiting
1679 }
1680 }
1681 cs_readunlock(__func__, &cc->cards_busy);
1682
1683 //process next pending ecm!
1684 }
1685 while(cc->extended_mode || processed_ecms == 0);
1686
1687 //Now mark all waiting as unprocessed:
1688 int8_t i;
1689 for(i = 0; i < cfg.max_pending; i++)
1690 {
1691 er = &cl->ecmtask[i];
1692 if(er->rc == E_WAITING)
1693 { er->rc = E_UNHANDLED; }
1694 }
1695
1696 if(!cc->extended_mode)
1697 {
1698 cc->ecm_busy = 0;
1699 }
1700
1701 return 0;
1702 }
1703
1704 /*
1705 int32_t cc_abort_user_ecms(){
1706 int32_t n, i;
1707 time_t t;//, tls;
1708 struct cc_data *cc = rdr->cc;
1709
1710 t=time((time_t *)0);
1711 for (i = 1, n = 1; i < cfg.max_pending; i++)
1712 {
1713 if ((t-cl->ecmtask[i].tps.time > ((cfg.ctimeout + 500) / 1000) + 1) &&
1714 (cl->ecmtask[i].rc>=10)) // drop timeouts
1715 {
1716 cl->ecmtask[i].rc=0;
1717 }
1718 int32_t td=abs(comp_timeb(&ecmtask[i].tps, &cc->found->tps);
1719 if (ecmtask[i].rc>=10 && ecmtask[i].cidx==cc->found->cidx && &ecmtask[i]!=cc->found){
1720 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
1721 ecmtask[i].rc=0;
1722 ecmtask[i].rcEx=7;
1723 write_ecm_answer(rdr, fd_c2m, &ecmtask[i], 0, NULL);
1724 }
1725 }
1726 return n;
1727
1728 }
1729 */
1730
1731 int32_t cc_send_pending_emms(struct s_client *cl)
1732 {
1733 struct cc_data *cc = cl->cc;
1734 if (!cc)
1735 return 0;
1736
1737 LL_ITER it = ll_iter_create(cc->pending_emms);
1738 uint8_t *emmbuf;
1739 int32_t size = 0;
1740 if((emmbuf = ll_iter_next(&it)))
1741 {
1742 if(!cc->extended_mode)
1743 {
1744 if(cc->ecm_busy > 0) //Unlock by NOK or ECM ACK
1745 {
1746 return 0; //send later with cc_send_ecm
1747 }
1748 cc->ecm_busy = 1;
1749 }
1750 //Support for emmsize>256 bytes:
1751 size = (emmbuf[11] | (emmbuf[2] << 8)) + 12;
1752 emmbuf[2] = 0;
1753
1754 cc->just_logged_in = 0;
1755 cs_ftime(&cc->ecm_time);
1756
1757 cs_log_dbg(D_EMM, "%s emm send for card %08X", getprefix(), b2i(4,
1758 emmbuf + 7));
1759
1760 cc_cmd_send(cl, emmbuf, size, MSG_EMM_ACK); // send emm
1761 cl->last = time(NULL);
1762 cl->reader->last_g = time(NULL);
1763 cl->reader->last_s = time(NULL);
1764
1765 ll_iter_remove_data(&it);
1766 }
1767
1768 return size;
1769 }
1770
1771 /**
1772 * READER only:
1773 * find card by hexserial
1774 * */
1775 struct cc_card *get_card_by_hexserial(struct s_client *cl, uint8_t *hexserial,
1776 uint16_t caid)
1777 {
1778 struct cc_data *cc = cl->cc;
1779 LL_ITER it = ll_iter_create(cc->cards);
1780 struct cc_card *card;
1781 while((card = ll_iter_next(&it)))
1782 if(card->caid == caid && memcmp(card->hexserial, hexserial, 8) == 0) //found it!
1783 {
1784 break;
1785 }
1786 return card;
1787 }
1788
1789 /**
1790 * EMM Procession
1791 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
1792 * ProcessEmm
1793 * */
1794 int32_t cc_send_emm(EMM_PACKET *ep)
1795 {
1796 struct s_client *cl = cur_client();
1797 struct s_reader *rdr = cl->reader;
1798
1799 if(!rdr->tcp_connected)
1800 { cc_cli_connect(cl); }
1801
1802 struct cc_data *cc = cl->cc;
1803
1804 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
1805 {
1806 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d", getprefix(), cc ? 1 : 0,
1807 cl->pfd);
1808 return 0;
1809 }
1810 if(rdr->audisabled)
1811 {
1812 cs_log_dbg(D_READER, "%s au is disabled", getprefix());
1813 return 0;
1814 }
1815
1816 uint16_t caid = b2i(2, ep->caid);
1817
1818 //Last used card is first card of current_cards:
1819 cs_readlock(__func__, &cc->cards_busy);
1820
1821 struct cc_card *emm_card = cc->last_emm_card;
1822
1823 if(!emm_card)
1824 {
1825 uint8_t hs[8];
1826 char tmp_dbg[17];
1827 cc_UA_oscam2cccam(ep->hexserial, hs, caid);
1828 cs_log_dbg(D_EMM,
1829 "%s au info: searching card for caid %04X oscam-UA: %s",
1830 getprefix(), b2i(2, ep->caid), cs_hexdump(0, ep->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
1831 cs_log_dbg(D_EMM,
1832 "%s au info: searching card for caid %04X cccam-UA: %s",
1833 getprefix(), b2i(2, ep->caid), cs_hexdump(0, hs, 8, tmp_dbg, sizeof(tmp_dbg)));
1834
1835 emm_card = get_card_by_hexserial(cl, hs, caid);
1836 }
1837
1838 if(!emm_card) //Card for emm not found!
1839 {
1840 cs_log_dbg(D_EMM, "%s emm for client %8lX not possible, no card found!",
1841 getprefix(), (unsigned long)ep->client->thread);
1842 cs_readunlock(__func__, &cc->cards_busy);
1843 return 0;
1844 }
1845
1846 cs_log_dbg(D_EMM,
1847 "%s emm received for client %8lX caid %04X for card %08X",
1848 getprefix(), (unsigned long)ep->client->thread, caid, emm_card->id);
1849
1850 int32_t size = ep->emmlen + 12;
1851 uint8_t *emmbuf;
1852 if(!cs_malloc(&emmbuf, size))
1853 { return 0; }
1854
1855 // build ecm message
1856 emmbuf[0] = ep->caid[0];
1857 emmbuf[1] = ep->caid[1];
1858 emmbuf[2] = ep->emmlen >> 8; //Support for emm len > 256bytes
1859 emmbuf[3] = ep->provid[0];
1860 emmbuf[4] = ep->provid[1];
1861 emmbuf[5] = ep->provid[2];
1862 emmbuf[6] = ep->provid[3];
1863 emmbuf[7] = emm_card->id >> 24;
1864 emmbuf[8] = emm_card->id >> 16;
1865 emmbuf[9] = emm_card->id >> 8;
1866 emmbuf[10] = emm_card->id & 0xff;
1867 emmbuf[11] = ep->emmlen & 0xff;
1868 memcpy(emmbuf + 12, ep->emm, ep->emmlen);
1869
1870 cs_readunlock(__func__, &cc->cards_busy);
1871
1872 ll_append(cc->pending_emms, emmbuf);
1873 cc_send_pending_emms(cl);
1874
1875 return 1;
1876 }
1877
1878 void cc_free_card(struct cc_card *card)
1879 {
1880 if(!card)
1881 { return; }
1882
1883 ll_destroy_data(&card->providers);
1884 ll_destroy_data(&card->badsids);
1885 ll_destroy_data(&card->goodsids);
1886 ll_destroy_data(&card->remote_nodes);
1887
1888 add_garbage(card);
1889 }
1890
1891 struct cc_card *cc_get_card_by_id(uint32_t card_id, LLIST *cards)
1892 {
1893 if(!cards)
1894 { return NULL; }
1895 LL_ITER it = ll_iter_create(cards);
1896 struct cc_card *card;
1897 while((card = ll_iter_next(&it)))
1898 {
1899 if(card->id == card_id)
1900 {
1901 break;
1902 }
1903 }
1904 return card;
1905 }
1906
1907 void cc_free_cardlist(LLIST *card_list, int32_t destroy_list)
1908 {
1909 if(card_list)
1910 {
1911 LL_ITER it = ll_iter_create(card_list);
1912 struct cc_card *card;
1913 while((card = ll_iter_next_remove(&it)))
1914 {
1915 cc_free_card(card);
1916 }
1917 if(destroy_list)
1918 ll_destroy(&card_list);
1919 }
1920 }
1921
1922 /**
1923 * Clears and free the cc datas
1924 */
1925 void cc_free(struct s_client *cl)
1926 {
1927 struct cc_data *cc = cl->cc;
1928 if(!cc) { return; }
1929
1930 cl->cc = NULL;
1931
1932 cs_writelock(__func__, &cc->lockcmd);
1933
1934 cs_log_dbg(D_TRACE, "exit cccam1/3");
1935 cc_free_cardlist(cc->cards, 1);
1936 ll_destroy_data(&cc->pending_emms);
1937 free_extended_ecm_idx(cc);
1938 ll_destroy_data(&cc->extended_ecm_idx);
1939
1940 cs_writeunlock(__func__, &cc->lockcmd);
1941
1942 cs_log_dbg(D_TRACE, "exit cccam2/3");
1943
1944 add_garbage(cc->prefix);
1945 add_garbage(cc);
1946
1947 cs_log_dbg(D_TRACE, "exit cccam3/3");
1948 }
1949
1950 int32_t is_null_dcw(uint8_t *dcw)
1951 {
1952 int32_t i;
1953 for(i = 0; i < 15; i++)
1954 if(dcw[i])
1955 { return 0; }
1956 return 1;
1957 }
1958
1959 /*int32_t is_dcw_corrupted(uchar *dcw)
1960 {
1961 int32_t i;
1962 int32_t c, cs;
1963
1964 for (i=0; i<16; i+=4)
1965 {
1966 c = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
1967 cs = dcw[i+3];
1968 if (cs!=c) return (1);
1969 }
1970 return 0;
1971 }
1972 */
1973
1974 int32_t check_extended_mode(struct s_client *cl, char *msg)
1975 {
1976 //Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
1977 //For future compatibilty the syntax should be compatible with
1978 //[PARAM1,PARAM2...PARAMn]
1979 //
1980 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
1981 // ECMs are numbered, Flag (byte[0] is the index
1982 //
1983 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
1984 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
1985 //
1986 // SLP: Sleepsend supported, like camd35
1987 //
1988
1989 struct cc_data *cc = cl->cc;
1990 char *saveptr1 = NULL;
1991 int32_t has_param = 0;
1992 char *p = strtok_r(msg, "[", &saveptr1);
1993 while(p)
1994 {
1995 p = strtok_r(NULL, ",]", &saveptr1);
1996 if(p && strncmp(p, "EXT", 3) == 0)
1997 {
1998 cc->extended_mode = 1;
1999 cs_log_dbg(D_CLIENT, "%s extended ECM mode", getprefix());
2000 has_param = 1;
2001 }
2002 else if(p && strncmp(p, "SID", 3) == 0)
2003 {
2004 cc->cccam220 = 1;
2005 cs_log_dbg(D_CLIENT, "%s extra SID mode", getprefix());
2006 has_param = 1;
2007 }
2008 else if(p && strncmp(p, "SLP", 3) == 0)
2009 {
2010 cc->sleepsend = 1;
2011 cs_log_dbg(D_CLIENT, "%s sleepsend", getprefix());
2012 has_param = 1;
2013 }
2014 }
2015 return has_param;
2016 }
2017
2018 void cc_idle(void)
2019 {
2020 struct s_client *cl = cur_client();
2021 struct s_reader *rdr = cl->reader;
2022 struct cc_data *cc = cl->cc;
2023
2024 if(!cl->udp_fd)
2025 { cc_cli_close(cl, 0); }
2026
2027 if(rdr && !rdr->tcp_connected && (rdr->cc_keepalive || (rdr->tcp_ito == -1 && (rdr->last_s !=0 || rdr->last_g !=0))))
2028 {
2029 cc_cli_connect(cl);
2030 }
2031
2032 if(!rdr || !rdr->tcp_connected || !cl || !cc)
2033 { return; }
2034
2035 time_t now = time(NULL);
2036 if(rdr->cc_keepalive)
2037 {
2038 if(cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE) > 0)
2039 {
2040 cs_log_dbg(D_READER, "cccam: keepalive");
2041 if(cl)
2042 {
2043 cl->last = now;
2044 }
2045 if(cl->reader)
2046 {
2047 cl->reader->last_s = now;
2048 cl->reader->last_g = now;
2049 }
2050 }
2051 return;
2052 }
2053 else
2054 {
2055 //cs_log("last_s - now = %d, last_g - now = %d, tcp_ito=%d", abs(rdr->last_s - now), abs(rdr->last_g - now), rdr->tcp_ito);
2056 //check inactivity timeout:
2057 if(rdr->tcp_ito > 0)
2058 {
2059 if((llabs(rdr->last_s - now) > rdr->tcp_ito) && (llabs(rdr->last_g - now) > rdr->tcp_ito)) // inactivity timeout is entered in seconds in webif!
2060 {
2061 rdr_log_dbg(rdr, D_READER, "inactive_timeout, close connection (fd=%d)", rdr->client->pfd);
2062 network_tcp_connection_close(rdr, "inactivity");
2063 return;
2064 }
2065 }
2066
2067 //check read timeout:
2068 int32_t rto = llabs(rdr->last_g - now);
2069 //cs_log("last_g - now = %d, rto=%d", rto, rdr->tcp_rto);
2070 if(rto > (rdr->tcp_rto) && (rdr->last_g !=0 || rdr->last_s !=0) && rdr->last_s != rdr->last_g) // this is also entered in seconds, actually its an receive timeout!
2071 {
2072 rdr_log_dbg(rdr, D_READER, "read timeout, close connection (fd=%d)", rdr->client->pfd);
2073 network_tcp_connection_close(rdr, "rto");
2074 return;
2075 }
2076 }
2077 }
2078
2079 struct cc_card *read_card(uint8_t *buf, int32_t buflen, int32_t ext)
2080 {
2081 struct cc_card *card;
2082 int16_t nprov, nassign = 0, nreject = 0;
2083 int32_t offset = 21;
2084
2085 if(buflen < 21)
2086 { return NULL; }
2087
2088 if(!cs_malloc(&card, sizeof(struct cc_card)))
2089 { return NULL; }
2090
2091 card->providers = ll_create("providers");
2092 card->badsids = ll_create("badsids");
2093 card->goodsids = ll_create("goodsids");
2094 card->remote_nodes = ll_create("remote_nodes");
2095 card->id = b2i(4, buf);
2096 card->remote_id = b2i(4, buf + 4);
2097 card->caid = b2i(2, buf + 8);
2098 card->hop = buf[10];
2099 card->reshare = buf[11];
2100 card->is_ext = ext;
2101 card->card_type = CT_REMOTECARD;
2102 memcpy(card->hexserial, buf + 12, 8); //HEXSERIAL!!
2103
2104 //cs_log_dbg(D_CLIENT, "cccam: card %08x added, caid %04X, hop %d, key %s, count %d",
2105 // card->id, card->caid, card->hop, cs_hexdump(0, card->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)),
2106 // ll_count(cc->cards));
2107
2108 nprov = buf[20];
2109
2110 if(ext)
2111 {
2112 if(buflen < 23)
2113 { cc_free_card(card); return NULL; }
2114
2115 nassign = buf[21];
2116 nreject = buf[22];
2117
2118 offset += 2;
2119 }
2120
2121 if(buflen < (offset + (nprov*7)))
2122 { cc_free_card(card); return NULL; }
2123
2124 int16_t i;
2125 for(i = 0; i < nprov; i++) // providers
2126 {
2127 struct cc_provider *prov;
2128 if(!cs_malloc(&prov, sizeof(struct cc_provider)))
2129 { break; }
2130 prov->prov = b2i(3, buf + offset);
2131 if(prov->prov == 0xFFFFFF && caid_is_betacrypt(card->caid))
2132 { prov->prov = i; }
2133 memcpy(prov->sa, buf + offset + 3, 4);
2134 //cs_log_dbg(D_CLIENT, " prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4,
2135 // prov->sa));
2136
2137 ll_append(card->providers, prov);
2138 offset += 7;
2139 }
2140
2141 if(ext)
2142 {
2143 if(buflen < (offset + (nassign*2) + (nreject*2)))
2144 { cc_free_card(card); return NULL; }
2145
2146 for(i = 0; i < nassign; i++)
2147 {
2148 uint16_t sid = b2i(2, buf + offset);
2149 //cs_log_dbg(D_CLIENT, " assigned sid = %04X, added to good sid list", sid);
2150
2151 struct cc_srvid *srvid;
2152 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
2153 { break; }
2154 srvid->sid = sid;
2155 srvid->chid = 0;
2156 srvid->ecmlen = 0;
2157 ll_append(card->goodsids, srvid);
2158 offset += 2;
2159 }
2160
2161 for(i = 0; i < nreject; i++)
2162 {
2163 uint16_t sid = b2i(2, buf + offset);
2164 //cs_log_dbg(D_CLIENT, " rejected sid = %04X, added to sid block list", sid);
2165
2166 struct cc_srvid_block *srvid;
2167 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
2168 { break; }
2169 srvid->sid = sid;
2170 srvid->chid = 0;
2171 srvid->ecmlen = 0;
2172 srvid->blocked_till = 0;
2173 ll_append(card->badsids, srvid);
2174 offset += 2;
2175 }
2176 }
2177
2178 if(buflen < (offset + 1))
2179 { return card; }
2180
2181 int16_t remote_count = buf[offset];
2182 offset++;
2183
2184 if(buflen < (offset + (remote_count*8)))
2185 { cc_free_card(card); return NULL; }
2186
2187 for(i = 0; i < remote_count; i++)
2188 {
2189 uint8_t *remote_node;
2190 if(!cs_malloc(&remote_node, 8))
2191 { break; }
2192 memcpy(remote_node, buf + offset, 8);
2193 ll_append(card->remote_nodes, remote_node);
2194 offset += 8;
2195 }
2196 return card;
2197 }
2198
2199 void cc_card_removed(struct s_client *cl, uint32_t shareid)
2200 {
2201 struct cc_data *cc = cl->cc;
2202 struct cc_card *card;
2203 LL_ITER it = ll_iter_create(cc->cards);
2204
2205 while((card = ll_iter_next(&it)))
2206 {
2207 if(card->id == shareid) // && card->sub_id == b2i (3, buf + 9)) {
2208 {
2209 //cs_log_dbg(D_CLIENT, "cccam: card %08x removed, caid %04X, count %d",
2210 // card->id, card->caid, ll_count(cc->cards));
2211 ll_iter_remove(&it);
2212 if(cc->last_emm_card == card)
2213 {
2214 cc->last_emm_card = NULL;
2215 cs_log_dbg(D_READER, "%s current card %08x removed!",
2216 getprefix(), card->id);
2217 }
2218 free_extended_ecm_idx_by_card(cl, card, 1);
2219 if(card->hop == 1) { cc->num_hop1--; }
2220 else if(card->hop == 2) { cc->num_hop2--; }
2221 else { cc->num_hopx--; }
2222
2223 if(card->reshare == 0) { cc->num_reshare0--; }
2224 else if(card->reshare == 1) { cc->num_reshare1--; }
2225 else if(card->reshare == 2) { cc->num_reshare2--; }
2226 else { cc->num_resharex--; }
2227
2228 cs_log_dbg(D_TRACE, "%s card removed: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2229 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
2230
2231 cc_free_card(card);
2232 cc->card_removed_count++;
2233 //break;
2234 }
2235 }
2236 }
2237
2238 void move_card_to_end(struct s_client *cl, struct cc_card *card_to_move)
2239 {
2240
2241 struct cc_data *cc = cl->cc;
2242
2243 LL_ITER it = ll_iter_create(cc->cards);
2244 struct cc_card *card;
2245 while((card = ll_iter_next(&it)))
2246 {
2247 if(card == card_to_move)
2248 {
2249 ll_iter_remove(&it);
2250 break;
2251 }
2252 }
2253 if(card)
2254 {
2255 cs_log_dbg(D_READER, "%s Moving card %08X to the end...", getprefix(), card_to_move->id);
2256 free_extended_ecm_idx_by_card(cl, card, 0);
2257 ll_append(cc->cards, card_to_move);
2258 }
2259 }
2260
2261
2262
2263 /*void fix_dcw(uchar *dcw)
2264 {
2265 int32_t i;
2266 for (i=0; i<16; i+=4)
2267 {
2268 dcw[i+3] = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
2269 }
2270 }*/
2271
2272 void addParam(char *param, char *value)
2273 {
2274 if(strlen(param) < 4)
2275 { strcat(param, value); }
2276 else
2277 {
2278 strcat(param, ",");
2279 strcat(param, value);
2280 }
2281 }
2282
2283 static void chk_peer_node_for_oscam(struct cc_data *cc)
2284 {
2285 if(!cc->is_oscam_cccam) //Allready discovered oscam-cccam:
2286 {
2287 uint16_t sum = 0x1234;
2288 uint16_t recv_sum = (cc->peer_node_id[6] << 8)
2289 | cc->peer_node_id[7];
2290 int32_t i;
2291 for(i = 0; i < 6; i++)
2292 {
2293 sum += cc->peer_node_id[i];
2294 }
2295 //Create special data to detect oscam-cccam:
2296 cc->is_oscam_cccam = sum == recv_sum;
2297 }
2298 }
2299
2300 #ifdef MODULE_CCCSHARE
2301 static void cc_s_idle(struct s_client *cl)
2302 {
2303 cs_log_dbg(D_TRACE, "ccc idle %s", username(cl));
2304 if(cfg.cc_keep_connected)
2305 {
2306 cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE);
2307 cl->last = time(NULL);
2308 }
2309 else
2310 {
2311 cs_log_dbg(D_CLIENT, "%s keepalive after maxidle is reached", getprefix());
2312 cs_disconnect_client(cl);
2313 }
2314 }
2315 #endif
2316
2317 int32_t cc_parse_msg(struct s_client *cl, uint8_t *buf, int32_t l)
2318 {
2319 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
2320 int32_t ret = buf[1];
2321 struct cc_data *cc = cl->cc;
2322 char tmp_dbg[33];
2323 if(!cc || cl->kill)
2324 { return -1; }
2325
2326 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s parse_msg=%d", getprefix(), buf[1]);
2327
2328 uint8_t *data = buf + 4;
2329
2330 if(l < 4)
2331 { return -1; }
2332
2333 memcpy(&cc->receive_buffer, data, l - 4);
2334 cc->last_msg = buf[1];
2335 switch(buf[1])
2336 {
2337 case MSG_CLI_DATA:
2338 cs_log_dbg(D_CLIENT, "cccam: client data ack");
2339 break;
2340 case MSG_SRV_DATA:
2341 l -= 4;
2342 cs_log_dbg(D_READER, "%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l, l);
2343 data = cc->receive_buffer;
2344
2345 if(l == 0x48) //72 bytes: normal server data
2346 {
2347 cs_writelock(__func__, &cc->cards_busy);
2348 cc_free_cardlist(cc->cards, 0);
2349 free_extended_ecm_idx(cc);
2350 cc->last_emm_card = NULL;
2351 cc->num_hop1 = 0;
2352 cc->num_hop2 = 0;
2353 cc->num_hopx = 0;
2354 cc->num_reshare0 = 0;
2355 cc->num_reshare1 = 0;
2356 cc->num_reshare2 = 0;
2357 cc->num_resharex = 0;
2358 cs_writeunlock(__func__, &cc->cards_busy);
2359
2360 memcpy(cc->peer_node_id, data, 8);
2361 memcpy(cc->peer_version, data + 8, 8);
2362
2363 memcpy(cc->cmd0b_aeskey, cc->peer_node_id, 8);
2364 memcpy(cc->cmd0b_aeskey + 8, cc->peer_version, 8);
2365
2366 strncpy(cc->remote_version, (char *)data + 8, sizeof(cc->remote_version) - 1);
2367 strncpy(cc->remote_build, (char *)data + 40, sizeof(cc->remote_build) - 1);
2368 cc->remote_build_nr = atoi(cc->remote_build);
2369
2370 //multics server response
2371 if(data[33] == 'M' && data[34] == 'C' && data[35] == 'S')
2372 {
2373 cc->multics_mode = 2; //multics server finaly confirmed.
2374 cc->multics_version[0] = data[37];
2375 cc->multics_version[1] = data[38];
2376 cs_log_dbg(D_READER, "multics detected: %s!", getprefix());
2377 }
2378
2379 cs_log_dbg(D_READER, "%s remove server %s running v%s (%s)", getprefix(), cs_hexdump(0,
2380 cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
2381
2382 chk_peer_node_for_oscam(cc);
2383 //Trick: when discovered partner is an Oscam Client, then we send him our version string:
2384 if(cc->is_oscam_cccam)
2385 {
2386 uint8_t token[256];
2387 snprintf((char *)token, sizeof(token),
2388 "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP]", CS_VERSION,
2389 CS_SVN_VERSION, CS_TARGET);
2390 cc_cmd_send(cl, token, strlen((char *)token) + 1, MSG_CW_NOK1);
2391 }
2392
2393 cc->cmd05_mode = MODE_PLAIN;
2394 //
2395 //Keyoffset is payload-size:
2396 //
2397 }
2398 else if(l >= 0x00 && l <= 0x0F)
2399 {
2400 cc->cmd05_offset = l;
2401 //
2402 //16..43 bytes: RC4 encryption:
2403 //
2404 }
2405 else if((l >= 0x10 && l <= 0x1f) || (l >= 0x24 && l <= 0x2b))
2406 {
2407 cc_init_crypt(&cc->cmd05_cryptkey, data, l);
2408 cc->cmd05_mode = MODE_RC4_CRYPT;
2409 //
2410 //32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
2411 //
2412 }
2413 else if(l == 0x20)
2414 {
2415 memcpy(cc->cmd05_aeskey, data + cc->cmd05_offset, 16);
2416 cc->cmd05_mode = MODE_AES;
2417 //
2418 //33 bytes: xor-algo mit payload-bytes, offset keyoffset
2419 //
2420 }
2421 else if(l == 0x21)
2422 {
2423 cc_init_crypt(&cc->cmd05_cryptkey, data + cc->cmd05_offset, l);
2424 cc->cmd05_mode = MODE_CC_CRYPT;
2425 //
2426 //34 bytes: cmd_05 plain back
2427 //
2428 }
2429 else if(l == 0x22)
2430 {
2431 cc->cmd05_mode = MODE_PLAIN;
2432 //
2433 //35 bytes: Unknown!! 2 256 byte keys exchange
2434 //
2435 }
2436 else if(l == 0x23)
2437 {
2438 cc->cmd05_mode = MODE_UNKNOWN;
2439 cc_cycle_connection(cl);
2440 //
2441 //44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
2442 //
2443 }
2444 else if(l == 0x2c)
2445 {
2446 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_pwd), 16);
2447 cc->cmd05_mode = MODE_AES;
2448 //
2449 //45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
2450 //
2451 }
2452 else if(l == 0x2d)
2453 {
2454 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_usr), 16);
2455 cc->cmd05_mode = MODE_AES;
2456 //
2457 //Unknown!!
2458 //
2459 }
2460 else
2461 {
2462 cs_log_dbg(D_READER,
2463 "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
2464 getprefix(), cc->cmd05_mode);
2465 break;
2466 }
2467 cs_log_dbg(D_READER, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(),
2468 cmd05_mode_name[cc->cmd05_mode], l);
2469 break;
2470
2471 case MSG_NEW_CARD_SIDINFO:
2472 case MSG_NEW_CARD:
2473 {
2474 if(l < 16)
2475 { break; }
2476
2477 uint16_t caid = b2i(2, buf + 12);
2478 //filter caid==0 and maxhop:
2479 if(!caid || buf[14] >= rdr->cc_maxhops + 1)
2480 { break; }
2481
2482 //filter mindown:
2483 if(buf[15] < rdr->cc_mindown)
2484 { break; }
2485
2486 //caid check
2487 if(!chk_ctab(caid, &rdr->ctab))
2488 { break; }
2489
2490 rdr->tcp_connected = 2; //we have card
2491 rdr->card_status = CARD_INSERTED;
2492
2493 cs_writelock(__func__, &cc->cards_busy);
2494 struct cc_card *card = read_card(data, l - 4, buf[1] == MSG_NEW_CARD_SIDINFO);
2495 if(!card)
2496 {
2497 cs_writeunlock(__func__, &cc->cards_busy);
2498 break;
2499 }
2500 card->origin_reader = rdr;
2501 card->origin_id = card->id;
2502 card->grp = rdr->grp;
2503 card->rdr_reshare = rdr->cc_reshare > -1 ? rdr->cc_reshare : cfg.cc_reshare;
2504
2505 //Check if this card is from us:
2506 LL_ITER it = ll_iter_create(card->remote_nodes);
2507 uint8_t *node_id;
2508 while((node_id = ll_iter_next(&it)))
2509 {
2510 if(memcmp(node_id, cc_node_id, sizeof(cc_node_id)) == 0) //this card is from us!
2511 {
2512 cs_log_dbg(D_READER, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card->id, card->caid);
2513 cc_free_card(card);
2514 card = NULL;
2515 break;
2516 }
2517 }
2518 #ifdef MODULE_CCCSHARE
2519 //Check Ident filter:
2520 if(card)
2521 {
2522 if(!chk_ident(&rdr->ftab, card))
2523 {
2524 cc_free_card(card);
2525 card = NULL;
2526 }
2527 }
2528 #endif
2529 if(card)
2530 {
2531 //Check if we already have this card:
2532 it = ll_iter_create(cc->cards);
2533 struct cc_card *old_card;
2534 while((old_card = ll_iter_next(&it)))
2535 {
2536 if(old_card->id == card->id || same_card(old_card, card)) //We already have this card, delete it.
2537 {
2538 cc_free_card(card);
2539 card = old_card;
2540 break;
2541 }
2542 }
2543
2544 if(!old_card)
2545 {
2546 card->card_type = CT_REMOTECARD;
2547 ll_append(cc->cards, card);
2548 set_au_data(cl, rdr, card, NULL);
2549 cc->card_added_count++;
2550 card->hop++;
2551 if(card->hop == 1) { cc->num_hop1++; }
2552 else if(card->hop == 2) { cc->num_hop2++; }
2553 else { cc->num_hopx++; }
2554
2555 if(card->reshare == 0) { cc->num_reshare0++; }
2556 else if(card->reshare == 1) { cc->num_reshare1++; }
2557 else if(card->reshare == 2) { cc->num_reshare2++; }
2558 else { cc->num_resharex++; }
2559
2560 cs_log_dbg(D_TRACE, "%s card added: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2561 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
2562 }
2563 }
2564
2565 cs_writeunlock(__func__, &cc->cards_busy);
2566
2567 #ifdef MODULE_CCCSHARE
2568 cccam_refresh_share();
2569 #endif
2570
2571 break;
2572 }
2573
2574 case MSG_CARD_REMOVED:
2575 {
2576 if(l < 8)
2577 { break; }
2578 cs_writelock(__func__, &cc->cards_busy);
2579 cc_card_removed(cl, b2i(4, buf + 4));
2580 cs_writeunlock(__func__, &cc->cards_busy);
2581 break;
2582 }
2583
2584 case MSG_SLEEPSEND:
2585 //Server sends SLEEPSEND:
2586 if(l < 5)
2587 { break; }
2588
2589 if(!cfg.c35_suppresscmd08)
2590 {
2591 if(buf[4] == 0xFF)
2592 {
2593 cl->stopped = 2; // server says sleep
2594 //rdr->card_status = NO_CARD;
2595 }
2596 else
2597 {
2598 if(config_enabled(WITH_LB) && !cfg.lb_mode)
2599 {
2600 cl->stopped = 1; // server says invalid
2601 rdr->card_status = CARD_FAILURE;
2602 }
2603 }
2604 }
2605 //NO BREAK!! NOK Handling needed!
2606
2607 case MSG_CW_NOK1:
2608 case MSG_CW_NOK2:
2609 if(l < 2)
2610 { break; }
2611
2612 if(l > 5)
2613 {
2614 //Received NOK with payload:
2615 char *msg = (char *) buf + 4;
2616
2617 //Check for PARTNER connection:
2618 if((l >= (4+8)) && strncmp(msg, "PARTNER:", 8) == 0)
2619 {
2620 //When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
2621
2622 strncpy(cc->remote_oscam, msg + 9, sizeof(cc->remote_oscam) - 1);
2623 int32_t has_param = check_extended_mode(cl, msg);
2624 if(!cc->is_oscam_cccam)
2625 {
2626 cc->is_oscam_cccam = 1;
2627
2628 //send params back. At the moment there is only "EXT"
2629 char param[20];
2630 if(!has_param)
2631 { param[0] = 0; }
2632 else
2633 {
2634 cs_strncpy(param, " [", sizeof(param));
2635 if(cc->extended_mode)
2636 { addParam(param, "EXT"); }
2637 if(cc->cccam220)
2638 { addParam(param, "SID"); }
2639 if(cc->sleepsend)
2640 { addParam(param, "SLP"); }
2641 strcat(param, "]");
2642 }
2643
2644 uchar token[256];
2645 snprintf((char *)token, sizeof(token),
2646 "PARTNER: OSCam v%s, build r%s (%s)%s",
2647 CS_VERSION, CS_SVN_VERSION, CS_TARGET, param);
2648 cc_cmd_send(cl, token, strlen((char *)token) + 1, MSG_CW_NOK1);
2649 }
2650 }
2651 else
2652 {
2653 size_t msg_size = l - 4;
2654 char last_char = msg[msg_size - 1];
2655 if(last_char == 0) // verify if the payload is a null terminated string
2656 {
2657 if(cs_realloc(&cc->nok_message, msg_size))
2658 { memcpy(cc->nok_message, msg, msg_size); }
2659 }
2660 else
2661 { NULLFREE(cc->nok_message); }
2662 }
2663
2664 return ret;
2665 }
2666
2667 if(cl->typ == 'c')
2668 { return ret; }
2669
2670 //for reader only
2671
2672 cc->recv_ecmtask = -1;
2673
2674 if(cc->just_logged_in)
2675 { return -1; } // reader restart needed
2676
2677 cs_readlock(__func__, &cc->cards_busy);
2678
2679 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl,
2680 cc->extended_mode ? cc->g_flag : 1, 1);
2681 if(!eei)
2682 {
2683 cs_log_dbg(D_READER, "%s received extended ecm NOK id %d but not found!",
2684 getprefix(), cc->g_flag);
2685 }
2686 else
2687 {
2688 uint16_t ecm_idx = eei->ecm_idx;
2689 cc->recv_ecmtask = ecm_idx;
2690 struct cc_card *card = eei->card;
2691 // uint32_t cccam_id = eei->cccam_id;
2692 struct cc_srvid srvid = eei->srvid;
2693 int8_t retry = 1;
2694 struct timeb tpe;
2695 cs_ftime(&tpe);
2696 int64_t cwlastresptime = comp_timeb(&tpe, &eei->tps);
2697
2698 add_garbage(eei);
2699
2700 if(card)
2701 {
2702 if(buf[1] == MSG_CW_NOK1) //MSG_CW_NOK1: share no more available
2703 {
2704 cs_log_dbg(D_TRACE, "NOK1: share temporarily not available %d %04X ecm %d %d!", card->id, card->caid, eei->send_idx, eei->ecm_idx);
2705 int j;
2706 for(j = 0; j < cfg.max_pending; j++)
2707 {
2708 if(cl->ecmtask[j].idx == ecm_idx && cl->ecmtask[j].rc == E_ALREADY_SENT) {
2709 ECM_REQUEST *er = &cl->ecmtask[j];
2710 cl->pending--;
2711
2712 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
2713 break;
2714 }
2715 }
2716 }
2717 //else MSG_CW_NOK2: can't decode
2718 else if(cc->cmd05NOK)
2719 {
2720 move_card_to_end(cl, card);
2721 if(cwlastresptime < 5000)
2722 {
2723 add_sid_block(card, &srvid, true);
2724 }
2725 else
2726 {
2727 if(card->rating <= MIN_RATING)
2728 {
2729 add_sid_block(card, &srvid, true);
2730 }
2731 else
2732 {
2733 card->rating--;
2734 }
2735 }
2736 }
2737 else if(cacheex_get_rdr_mode(rdr) != 1)
2738 {
2739 if(!is_good_sid(card, &srvid))
2740 {
2741 move_card_to_end(cl, card);
2742 if(cwlastresptime < 5000)
2743 {
2744 add_sid_block(card, &srvid, true);
2745 }
2746 else
2747 {
2748 if(card->rating <= MIN_RATING)
2749 {
2750 add_sid_block(card, &srvid, true);
2751 }
2752 else
2753 {
2754 card->rating--;
2755 }
2756 }
2757 }
2758 else
2759 {
2760 move_card_to_end(cl, card);
2761 add_sid_block(card, &srvid, true);
2762 }
2763
2764 if(card->rating < MIN_RATING)
2765 { card->rating = MIN_RATING; }
2766
2767 if(cfg.cc_forward_origin_card && card->origin_reader == rdr)
2768 {
2769 //this card is from us but it can't decode this ecm
2770 //also origin card is only set on cccam clients
2771 //so wie send back the nok to the client
2772 cs_log_dbg(D_TRACE, "%s forward card: %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
2773 retry = 0;
2774 }
2775 }
2776 }
2777 else
2778 {
2779 cs_log_dbg(D_READER, "%s NOK: NO CARD!", getprefix());
2780 //try next card...
2781 }
2782
2783 //A "NOK" in extended mode means, NOTHING found, regardless of the requested card. So do not retry
2784 if(cc->extended_mode)
2785 {
2786 cl->pending--;
2787 retry = 0;
2788 }
2789
2790 if(retry)
2791 {
2792 cc_reset_pending(cl, ecm_idx);
2793 }
2794 else
2795 {
2796 int32_t i = 0;
2797 for(i = 0; i < cfg.max_pending; i++)
2798 {
2799 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
2800 {
2801 cs_log_dbg(D_TRACE,
2802 "%s ext NOK %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
2803 ECM_REQUEST *er = &cl->ecmtask[i];
2804 cl->pending--;
2805
2806 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
2807 break;
2808 }
2809 }
2810 }
2811 }
2812 cc->cmd05NOK = 0;
2813 cs_readunlock(__func__, &cc->cards_busy);
2814
2815 if(!cc->extended_mode)
2816 {
2817 cc->ecm_busy = 0;
2818 }
2819
2820 cc_send_ecm(cl, NULL);
2821 break;
2822
2823 case MSG_CACHE_PUSH:
2824 {
2825 if((l - 4) >= 18)
2826 {
2827 cc_cacheex_push_in(cl, data);
2828 }
2829 break;
2830 }
2831
2832 case MSG_CACHE_FILTER:
2833 {
2834 if((l - 4) >= 482)
2835 {
2836 cc_cacheex_filter_in(cl, data);
2837 }
2838 break;
2839 }
2840
2841 case MSG_CW_ECM:
2842 cc->just_logged_in = 0;
2843 if(cl->typ == 'c') //SERVER:
2844 {
2845 #define CCMSG_HEADER_LEN 17
2846
2847 ECM_REQUEST *er;
2848 struct cc_card *server_card;
2849
2850 if(l < CCMSG_HEADER_LEN)
2851 { break; }
2852
2853 if(!cs_malloc(&server_card, sizeof(struct cc_card)))
2854 { break; }
2855 server_card->id = buf[10] << 24 | buf[11] << 16 | buf[12] << 8
2856 | buf[13];
2857 server_card->caid = b2i(2, data);
2858
2859 if((er = get_ecmtask()) && l > CCMSG_HEADER_LEN && MAX_ECM_SIZE > l - CCMSG_HEADER_LEN)
2860 {
2861 er->caid = b2i(2, buf + 4);
2862 er->prid = b2i(4, buf + 6);
2863 er->srvid = b2i(2, buf + 14);
2864 er->ecmlen = l - CCMSG_HEADER_LEN;
2865 memcpy(er->ecm, buf + CCMSG_HEADER_LEN, er->ecmlen);
2866 cc->server_ecm_pending++;
2867 er->idx = ++cc->server_ecm_idx;
2868
2869 #ifdef MODULE_CCCSHARE
2870
2871 if(cfg.cc_forward_origin_card) //search my shares for this card:
2872 {
2873 cs_log_dbg(D_TRACE, "%s forward card: %04X:%04x search share %d", getprefix(), er->caid, er->srvid, server_card->id);
2874 LLIST **sharelist = get_and_lock_sharelist();
2875 LL_ITER itr = ll_iter_create(get_cardlist(er->caid, sharelist));
2876 struct cc_card *card;
2877 struct cc_card *rcard = NULL;
2878 while((card = ll_iter_next(&itr)))
2879 {
2880 if(card->id == server_card->id) //found it
2881 {
2882 break;
2883 }
2884 }
2885 cs_log_dbg(D_TRACE, "%s forward card: share %d found: %d", getprefix(), server_card->id, card ? 1 : 0);
2886
2887 struct s_reader *ordr = NULL;
2888 if(card && card->origin_reader) // found own card, now search reader card:
2889 {
2890 //Search reader in list, because it is maybe offline?
2891 for(ordr = first_active_reader; ordr; ordr = ordr->next)
2892 {
2893 if(ordr == card->origin_reader) { break; }
2894 }
2895
2896 if(!ordr)
2897 { cs_log_dbg(D_TRACE, "%s origin reader not found!", getprefix()); }
2898 else
2899 {
2900 cs_log_dbg(D_TRACE, "%s forward card: share %d origin reader %s origin id %d", getprefix(), card->id, ordr->label, card->origin_id);
2901 struct s_client *cl2 = ordr->client;
2902 if(card->origin_id && cl2 && cl2->cc) //only if we have a origin from a cccam reader
2903 {
2904 struct cc_data *rcc = cl2->cc;
2905
2906 if(rcc)
2907 {
2908 itr = ll_iter_create(rcc->cards);
2909 while((rcard = ll_iter_next(&itr)))
2910 {
2911 if(rcard->id == card->origin_id) //found it!
2912 { break; }
2913 }
2914 }
2915 }
2916 else
2917 { rcard = card; }
2918 }
2919 er->origin_reader = ordr;
2920 }
2921
2922 er->origin_card = rcard;
2923 if(!rcard || !ordr)
2924 {
2925 cs_log_dbg(D_TRACE, "%s forward card: share %d not found!", getprefix(), server_card->id);
2926 er->rc = E_NOTFOUND;
2927 er->rcEx = E2_CCCAM_NOK1; //share not found!
2928 }
2929 else
2930 cs_log_dbg(D_TRACE, "%s forward card: share %d forwarded to %s origin as id %d", getprefix(),
2931 card->id, ordr->label, rcard->id);
2932 unlock_sharelist();
2933 }
2934 #endif
2935
2936 cs_log_dbg(
2937 D_CLIENT,
2938 "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
2939 getprefix(), er->caid, er->srvid, er->ecmlen, er->prid);
2940
2941 struct cc_srvid srvid;
2942 srvid.sid = er->srvid;
2943 srvid.chid = er->chid;
2944 srvid.ecmlen = er->ecmlen;
2945 add_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1,
2946 er->idx, server_card, srvid, 1);
2947
2948 get_cw(cl, er);
2949
2950 }
2951 else
2952 {
2953 cs_log_dbg(D_CLIENT, "%s NO ECMTASK!!!! l=%d", getprefix(), l);
2954 NULLFREE(server_card);
2955 }
2956
2957 }
2958 else //READER:
2959 {
2960 if(l < 20)
2961 { break; }
2962
2963 cs_readlock(__func__, &cc->cards_busy);
2964 cc->recv_ecmtask = -1;
2965 eei = get_extended_ecm_idx(cl,
2966 cc->extended_mode ? cc->g_flag : 1, 1);
2967 if(!eei)
2968 {
2969 cs_log_dbg(D_READER, "%s received extended ecm id %d but not found!",
2970 getprefix(), cc->g_flag);
2971 if(!cc->extended_mode)
2972 { cc_cli_close(cl, 0); }
2973 }
2974 else
2975 {
2976 uint16_t ecm_idx = eei->ecm_idx;
2977 cc->recv_ecmtask = ecm_idx;
2978 struct cc_card *card = eei->card;
2979 uint32_t cccam_id = eei->cccam_id;
2980 struct cc_srvid srvid = eei->srvid;
2981 NULLFREE(eei);
2982
2983 if(card)
2984 {
2985
2986 if(!cc->extended_mode)
2987 {
2988 cc_cw_crypt(cl, buf + 4, card->id);
2989 cc_crypt_cmd0c(cl, buf + 4, 16);
2990 }
2991
2992 memcpy(cc->dcw, buf + 4, 16);
2993 //fix_dcw(cc->dcw);
2994 if(!cc->extended_mode)
2995 { cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT); } // additional crypto step
2996
2997 if(is_null_dcw(cc->dcw))
2998 {
2999 cs_log_dbg(D_READER, "%s null dcw received! sid=%04X(%d)", getprefix(),
3000 srvid.sid, srvid.ecmlen);
3001 move_card_to_end(cl, card);
3002 add_sid_block(card, &srvid, true);
3003 //ecm retry:
3004 cc_reset_pending(cl, ecm_idx);
3005 buf[1] = MSG_CW_NOK2; //So it's really handled like a nok!
3006 }
3007 else
3008 {
3009 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(),
3010 ecm_idx, cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3011
3012 //check response time, if > fallbacktime, switch cards!
3013 struct timeb tpe;
3014 cs_ftime(&tpe);
3015 int64_t cwlastresptime = comp_timeb(&tpe, &cc->ecm_time);
3016 if(cwlastresptime > get_fallbacktimeout(card->caid) && !cc->extended_mode)
3017 {
3018 cs_log_dbg(D_READER, "%s card %04X is too slow, moving to the end...", getprefix(), card->id);
3019 move_card_to_end(cl, card);
3020 card->rating--;
3021 if(card->rating < MIN_RATING)
3022 { card->rating = MIN_RATING; }
3023 }
3024 else
3025 {
3026 card->rating++;
3027 if(card->rating > MAX_RATING)
3028 { card->rating = MAX_RATING; }
3029 }
3030 }
3031 }
3032 else
3033 {
3034 // Card removed...
3035 cs_log_dbg(D_READER,
3036 "%s warning: ECM-CWS respond by CCCam server without current card!",
3037 getprefix());
3038
3039 if(!cc->extended_mode)
3040 {
3041 cc_cw_crypt(cl, buf + 4, cccam_id);
3042 cc_crypt_cmd0c(cl, buf + 4, 16);
3043 }
3044 memcpy(cc->dcw, buf + 4, 16);
3045 //fix_dcw(cc->dcw);
3046 if(!cc->extended_mode)
3047 { cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT); } // additional crypto step
3048
3049 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(),
3050 ecm_idx, cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3051 }
3052 }
3053 cs_readunlock(__func__, &cc->cards_busy);
3054
3055 if(!cc->extended_mode)
3056 {
3057 cc->ecm_busy = 0;
3058 }
3059
3060 //cc_abort_user_ecms();
3061
3062 cc_send_ecm(cl, NULL);
3063
3064 if(cc->max_ecms)
3065 { cc->ecm_counter++; }
3066 }
3067 break;
3068
3069 case MSG_KEEPALIVE:
3070 if(cl)
3071 {
3072 cl->last = time(NULL);
3073 }
3074 if(rdr && rdr->cc_keepalive)
3075 {
3076 rdr->last_g = time(NULL);
3077 rdr->last_s = time(NULL);
3078 rdr_log_dbg(rdr, D_READER, "%s: receive keepalive", __func__);
3079 }
3080
3081 cc->just_logged_in = 0;
3082 break;
3083
3084 case MSG_CMD_05:
3085 if(cl->typ != 'c')
3086 {
3087 cc->just_logged_in = 0;
3088 l = l - 4;//Header Length=4 Byte
3089 if(l < 0)
3090 { break; }
3091
3092 cs_log_dbg(D_READER, "%s MSG_CMD_05 recvd, payload length=%d mode=%d",
3093 getprefix(), l, cc->cmd05_mode);
3094 cc->cmd05_active = 1;
3095 cc->cmd05_data_len = l;
3096 memcpy(&cc->cmd05_data, buf + 4, l);
3097 if(!cc->ecm_busy && ll_has_elements(cc->cards))
3098 { send_cmd05_answer(cl); }
3099 }
3100 break;
3101 case MSG_CMD_0B:
3102 {
3103 if(l < 20)
3104 { break; }
3105
3106 // by Project:Keynation
3107 cs_log_dbg(D_READER, "%s MSG_CMD_0B received (payload=%d)!",
3108 getprefix(), l - 4);
3109
3110 AES_KEY key;
3111 uint8_t aeskey[16];
3112 uint8_t out[16];
3113
3114 memcpy(aeskey, cc->cmd0b_aeskey, 16);
3115 memset(&key, 0, sizeof(key));
3116
3117 //cs_log_dump_dbg(D_READER, aeskey, 16, "%s CMD_0B AES key:", getprefix());
3118 //cs_log_dump_dbg(D_READER, data, 16, "%s CMD_0B received data:", getprefix());
3119
3120 AES_set_encrypt_key((unsigned char *) &aeskey, 128, &key);
3121 AES_encrypt((unsigned char *) data, (unsigned char *) &out, &key);
3122
3123 cs_log_dbg(D_TRACE, "%s sending CMD_0B! ", getprefix());
3124 //cs_log_dump_dbg(D_READER, out, 16, "%s CMD_0B out:", getprefix());
3125 cc_cmd_send(cl, out, 16, MSG_CMD_0B);
3126
3127 break;
3128 }
3129
3130 case MSG_CMD_0C: //New CCCAM 2.2.0 Server/Client fake check!
3131 {
3132 int32_t len = l - 4;
3133 if(len < 0)
3134 { break; }
3135
3136 if(cl->typ == 'c') //Only im comming from "client"
3137 {
3138 cs_log_dbg(D_CLIENT, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len);
3139
3140 uint8_t bytes[0x20];
3141 if(len < 0x20) //if less then 0x20 bytes, clear others:
3142 { memset(data + len, 0, 0x20 - len); }
3143
3144 //change first 0x10 bytes to the second:
3145 memcpy(bytes, data + 0x10, 0x10);
3146 memcpy(bytes + 0x10, data, 0x10);
3147
3148 //xor data:
3149 int32_t i;
3150 for(i = 0; i < 0x20; i++)
3151 { bytes[i] ^= (data[i] & 0x7F); }
3152
3153 //key is now the 16bit hash of md5:
3154 uint8_t md5hash[0x10];
3155 MD5(data, 0x20, md5hash);
3156 memcpy(bytes, md5hash, 0x10);
3157
3158 cs_log_dbg(D_CLIENT, "%s sending CMD_0C! ", getprefix());
3159 //cs_log_dump_dbg(D_CLIENT, bytes, 0x20, "%s CMD_0C out:", getprefix());
3160 cc_cmd_send(cl, bytes, 0x20, MSG_CMD_0C);
3161 }
3162 else //reader
3163 {
3164 // by Project:Keynation + Oscam team
3165 cc_crypt_cmd0c(cl, data, len);
3166
3167 uint8_t CMD_0x0C_Command = data[0];
3168
3169 switch(CMD_0x0C_Command)
3170 {
3171
3172 case 0 : //RC6
3173 {
3174 cc->cmd0c_mode = MODE_CMD_0x0C_RC6;
3175 break;
3176 }
3177
3178 case 1: //RC4
3179 {
3180 cc->cmd0c_mode = MODE_CMD_0x0C_RC4;
3181 break;
3182 }
3183
3184 case 2: //CC_CRYPT
3185 {
3186 cc->cmd0c_mode = MODE_CMD_0x0C_CC_CRYPT;
3187 break;
3188 }
3189
3190 case 3: //AES
3191 {
3192 cc->cmd0c_mode = MODE_CMD_0x0C_AES;
3193 break;
3194 }
3195
3196 case 4 : //IDEA
3197 {
3198 cc->cmd0c_mode = MODE_CMD_0x0C_IDEA;
3199 break;
3200 }
3201
3202 default:
3203 {
3204 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
3205 }
3206 }
3207
3208 set_cmd0c_cryptkey(cl, data, len);
3209
3210 cs_log_dbg(D_READER, "%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s",
3211 getprefix(), CMD_0x0C_Command, cmd0c_mode_name[cc->cmd0c_mode]);
3212 }
3213 break;
3214 }
3215
3216 case MSG_CMD_0D: //key update for the active cmd0x0c algo
3217 {
3218 int32_t len = l - 4;
3219 if(len < 0)
3220 { break; }
3221
3222 if(cc->cmd0c_mode == MODE_CMD_0x0C_NONE)
3223 { break; }
3224
3225 cc_crypt_cmd0c(cl, data, len);
3226 set_cmd0c_cryptkey(cl, data, len);
3227
3228 cs_log_dbg(D_READER, "%s received MSG_CMD_0D from server! MODE=%s",
3229 getprefix(), cmd0c_mode_name[cc->cmd0c_mode]);
3230 break;
3231 }
3232
3233 case MSG_CMD_0E:
3234 {
3235 if(l < 2)
3236 { break; }
3237
3238 cs_log_dbg(D_READER, "cccam 2.2.x commands not implemented: 0x%02X", buf[1]);
3239 //Unkwon commands...need workout algo
3240 if(cl->typ == 'c') //client connection
3241 {
3242 //switching to an oder version and then disconnect...
3243 cs_strncpy(cfg.cc_version, version[0], sizeof(cfg.cc_version));
3244 ret = -1;
3245 }
3246 else //reader connection
3247 {
3248 cs_strncpy(cl->reader->cc_version, version[0], sizeof(cl->reader->cc_version));
3249 cs_strncpy(cl->reader->cc_build, build[0], sizeof(cl->reader->cc_build));
3250 cc_cycle_connection(cl);
3251 }
3252 break;
3253 }
3254
3255 case MSG_EMM_ACK:
3256 {
3257 cc->just_logged_in = 0;
3258 if(cl->typ == 'c') //EMM Request received
3259 {
3260 cc_cmd_send(cl, NULL, 0, MSG_EMM_ACK); //Send back ACK
3261
3262 if(l < 16)
3263 { break; }
3264
3265 cs_log_dbg(D_EMM, "%s EMM Request received!", getprefix());
3266
3267 if(!ll_count(cl->aureader_list))
3268 {
3269 cs_log_dbg(
3270 D_EMM,
3271 "%s EMM Request discarded because au is not assigned to an reader!",
3272 getprefix());
3273 return MSG_EMM_ACK;
3274 }
3275
3276 EMM_PACKET *emm;
3277 if(!cs_malloc(&emm, sizeof(EMM_PACKET)))
3278 { break; }
3279 emm->caid[0] = buf[4];
3280 emm->caid[1] = buf[5];
3281 emm->provid[0] = buf[7];
3282 emm->provid[1] = buf[8];
3283 emm->provid[2] = buf[9];
3284 emm->provid[3] = buf[10];
3285 //emm->hexserial[0] = buf[11];
3286 //emm->hexserial[1] = buf[12];
3287 //emm->hexserial[2] = buf[13];
3288 //emm->hexserial[3] = buf[14];
3289 if(l <= 0xFF)
3290 { emm->emmlen = buf[15]; }
3291 else
3292 { emm->emmlen = MIN(l - 16, (int32_t)sizeof(emm->emm)); }
3293
3294 if(emm->emmlen < 0 || emm->emmlen > MAX_EMM_SIZE || emm->emmlen+16 > l)
3295 { NULLFREE(emm); break;}
3296
3297 memcpy(emm->emm, buf + 16, emm->emmlen);
3298 //emm->type = UNKNOWN;
3299 //emm->cidx = cs_idx;
3300 do_emm(cl, emm);
3301 NULLFREE(emm);
3302 }
3303 else //Our EMM Request Ack!
3304 {
3305 cs_log_dbg(D_EMM, "%s EMM ACK!", getprefix());
3306 if(!cc->extended_mode)
3307 {
3308 cc->ecm_busy = 0;
3309 }
3310 cc_send_ecm(cl, NULL);
3311 }
3312 break;
3313 }
3314 default:
3315 //cs_log_dump_dbg(D_CLIENT, buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
3316 break;
3317 }
3318
3319 if(cc->max_ecms && (cc->ecm_counter > cc->max_ecms))
3320 {
3321 cs_log_dbg(D_READER, "%s max ecms (%d) reached, cycle connection!", getprefix(),
3322 cc->max_ecms);
3323 cc_cycle_connection(cl);
3324 }
3325 return ret;
3326 }
3327
3328 /**
3329 * Reader: write dcw to receive
3330 */
3331 int32_t cc_recv_chk(struct s_client *cl, uchar *dcw, int32_t *rc, uchar *buf, int32_t UNUSED(n))
3332 {
3333 struct cc_data *cc = cl->cc;
3334
3335 if(buf[1] == MSG_CW_ECM)
3336 {
3337 memcpy(dcw, cc->dcw, 16);
3338 //cs_log_dbg(D_CLIENT, "cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
3339 // cs_hexdump(0, dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3340 *rc = 1;
3341 return (cc->recv_ecmtask);
3342 }
3343 else if((buf[1] == (MSG_CW_NOK1)) || (buf[1] == (MSG_CW_NOK2)))
3344 {
3345 *rc = 0;
3346 //if (cc->is_oscam_cccam)
3347 if(cfg.cc_forward_origin_card)
3348 { return (cc->recv_ecmtask); }
3349 else
3350 { return -1; }
3351 }
3352
3353 return (-1);
3354 }
3355
3356 //int32_t is_softfail(int32_t rc)
3357 //{
3358 // //see oscam.c send_dcw() for a full list
3359 // switch(rc)
3360 // {
3361 // case 5: // 5 = timeout
3362 // case 6: // 6 = sleeping
3363 // case 7: // 7 = fake
3364 // case 10:// 10= no card
3365 // case 11:// 11= expdate
3366 // case 12:// 12= disabled
3367 // case 13:// 13= stopped
3368 // case 14:// 100= unhandled
3369 // return 1;
3370 // }
3371 // return 0;
3372 //}
3373
3374
3375 /**
3376 * Server: send DCW to client
3377 */
3378 void cc_send_dcw(struct s_client *cl, ECM_REQUEST *er)
3379 {
3380 uchar buf[16];
3381 struct cc_data *cc = cl->cc;
3382
3383 memset(buf, 0, sizeof(buf));
3384
3385 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx_by_idx(cl, er->idx,
3386 1);
3387
3388 if(er->rc < E_NOTFOUND && eei) //found:
3389 {
3390 memcpy(buf, er->cw, sizeof(buf));
3391 //fix_dcw(buf);
3392 //cs_log_dbg(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
3393 // cs_hexdump(0, buf, 16, tmp_dbg, sizeof(tmp_dbg)), er->cpti);
3394 if(!cc->extended_mode)
3395 { cc_cw_crypt(cl, buf, eei->cccam_id); }
3396 else
3397 { cc->g_flag = eei->send_idx; }
3398 cc_cmd_send(cl, buf, 16, MSG_CW_ECM);
3399 if(!cc->extended_mode)
3400 { cc_crypt(&cc->block[ENCRYPT], buf, 16, ENCRYPT); } // additional crypto step
3401
3402 }
3403 else //NOT found:
3404 {
3405 //cs_log_dbg(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(),
3406 // er->cpti);
3407
3408 if(eei && cc->extended_mode)
3409 { cc->g_flag = eei->send_idx; }
3410
3411 int32_t nok, bufsize = 0;
3412 if(cc->sleepsend && er->rc == E_STOPPED)
3413 {
3414 buf[0] = cl->c35_sleepsend;
3415 bufsize = 1;
3416 nok = MSG_SLEEPSEND;
3417 }
3418 else if(!eei || !eei->card)
3419 { nok = MSG_CW_NOK1; } //share no more available
3420 else
3421 {
3422 if(cfg.cc_forward_origin_card && er->origin_card == eei->card)
3423 { nok = (er->rcEx == E2_CCCAM_NOK1) ? MSG_CW_NOK1 : MSG_CW_NOK2; }
3424 else
3425 { nok = MSG_CW_NOK2; } //can't decode
3426 }
3427 cc_cmd_send(cl, buf, bufsize, nok);
3428 }
3429 cc->server_ecm_pending--;
3430 if(eei)
3431 {
3432 NULLFREE(eei->card);
3433 NULLFREE(eei);
3434 }
3435 }
3436
3437 int32_t cc_recv(struct s_client *cl, uchar *buf, int32_t l)
3438 {
3439 int32_t n;
3440 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
3441
3442 if(buf == NULL || l <= 0)
3443 { return -1; }
3444
3445 n = cc_msg_recv(cl, buf, l); // recv and decrypt msg
3446 //cs_log_dump_dbg(D_CLIENT, buf, n, "cccam: received %d bytes from %s", n, remote_txt());
3447
3448
3449 if(n <= 0)
3450 {
3451 struct cc_data *cc = cl->cc;
3452 if(cc && cc->nok_message)
3453 { cs_log_dbg(D_CLIENT, "%s connection closed by %s. n=%d, Reason: %s", getprefix(), remote_txt(), n, cc->nok_message); }
3454 else
3455 {
3456 cs_log_dbg(D_CLIENT, "%s connection closed by %s, n=%d.", getprefix(), remote_txt(), n);
3457 if(rdr)
3458 {
3459 cc_cli_close(cl, 1);
3460 }
3461 else
3462 {
3463 //cs_writelock(__func__, &cc->cards_busy); maybe uninitialized
3464 cs_disconnect_client(cl);
3465 //cs_writeunlock(__func__, &cc->cards_busy);
3466 }
3467 cs_sleepms(150);
3468 n = -1;
3469 return n;
3470 }
3471 n = -1;
3472 }
3473 else if(n < 4)
3474 {
3475 cs_log("%s packet is too small (%d bytes)", getprefix(), n);
3476 n = -1;
3477 }
3478 else if(n > CC_MAXMSGSIZE)
3479 {
3480 cs_log("%s packet is too big (%d bytes, max: %d)", getprefix(), n, CC_MAXMSGSIZE);
3481 n = -1;
3482 }
3483 else
3484 {
3485 // parse it and write it back, if we have received something of value
3486 n = cc_parse_msg(cl, buf, n);
3487 if(n == MSG_CW_ECM || n == MSG_EMM_ACK)
3488 {
3489 cl->last = time(NULL); // last client action is now
3490 if(rdr) { rdr->last_g = time(NULL); } // last reader receive is now
3491 }
3492 }
3493
3494 if(n == -1)
3495 {
3496 if(cl->typ != 'c')
3497 { cc_cli_close(cl, 1); }
3498 }
3499 return n;
3500 }
3501
3502 void cc_init_locks(struct cc_data *cc)
3503 {
3504 cs_lock_create(__func__, &cc->lockcmd, "lockcmd", 5000);
3505 cs_lock_create(__func__, &cc->cards_busy, "cards_busy", 10000);
3506 }
3507
3508 #ifdef MODULE_CCCSHARE
3509 /**
3510 * Starting readers to get cards:
3511 **/
3512 int32_t cc_srv_wakeup_readers(struct s_client *cl)
3513 {
3514 int32_t wakeup = 0;
3515 struct s_reader *rdr;
3516 struct s_client *client;
3517 struct cc_data *cc;
3518 for(rdr = first_active_reader; rdr; rdr = rdr->next)
3519 {
3520 if(rdr->typ != R_CCCAM)
3521 { continue; }
3522 if(rdr->tcp_connected == 2)
3523 { continue; }
3524 if(!(rdr->grp & cl->grp))
3525 { continue; }
3526 if(rdr->cc_keepalive) //if reader has keepalive but is NOT connected, reader can't connect. so don't ask him
3527 { continue; }
3528 if((client = rdr->client) == NULL || (cc = client->cc) == NULL || client->kill) //reader is in shutdown
3529 { continue; }
3530 if(is_connect_blocked(rdr)) //reader cannot be waked up currently because its blocked
3531 { continue; }
3532
3533 //This wakeups the reader:
3534 add_job(rdr->client, ACTION_READER_CARDINFO, NULL, 0);
3535 wakeup++;
3536 }
3537 return wakeup;
3538 }
3539
3540
3541 int32_t cc_srv_connect(struct s_client *cl)
3542 {
3543 int32_t i, ccversion_pos, ccbuild_pos;
3544 int32_t no_delay = 1;
3545 uint8_t data[16];
3546 char usr[21], pwd[65], tmp_dbg[17];
3547 struct s_auth *account;
3548 struct cc_data *cc;
3549
3550 if(!cs_malloc(&cc, sizeof(struct cc_data)))
3551 { return -1; }
3552
3553 memset(usr, 0, sizeof(usr));
3554 memset(pwd, 0, sizeof(pwd));
3555
3556 // init internals data struct
3557 cl->cc = cc;
3558 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
3559
3560 cc_init_locks(cc);
3561 uint8_t *buf = cc->send_buffer;
3562
3563 cc->server_ecm_pending = 0;
3564 cc->extended_mode = 0;
3565 cc->ecm_busy = 0;
3566
3567 int32_t keep_alive = 1;
3568 setsockopt(cl->udp_fd, SOL_SOCKET, SO_KEEPALIVE,
3569 (void *)&keep_alive, sizeof(keep_alive));
3570
3571 //Create checksum for "O" cccam:
3572 get_random_bytes(data, 12);
3573 for(i = 0; i < 4; i++)
3574 {
3575 data[12 + i] = (data[i] + data[4 + i] + data[8 + i]) & 0xff;
3576 }
3577
3578 cs_log_dbg(D_TRACE, "send ccc checksum");
3579
3580 send(cl->udp_fd, data, 16, 0);
3581
3582 cc_xor(data); // XOR init bytes with 'CCcam'
3583
3584 SHA_CTX ctx;
3585 SHA1_Init(&ctx);
3586 SHA1_Update(&ctx, data, 16);
3587 SHA1_Final(buf, &ctx);
3588
3589 cc_init_crypt(&cc->block[ENCRYPT], buf, 20);
3590 cc_crypt(&cc->block[ENCRYPT], data, 16, DECRYPT);
3591 cc_init_crypt(&cc->block[DECRYPT], data, 16);
3592 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3593
3594 cs_log_dbg(D_TRACE, "receive ccc checksum");
3595
3596 if((i = cc_recv_to(cl, buf, 20)) == 20)
3597 {
3598 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: recv:");
3599 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3600 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: hash:");
3601 }
3602 else
3603 { return -1; }
3604
3605 // receive username
3606 memset(buf, 0, CC_MAXMSGSIZE);
3607 i = cc_recv_to(cl, buf, 20);
3608 if(i < 0) { return -1; } // errors during receive!
3609 if(i == 20)
3610 {
3611 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3612
3613 strncpy(usr, (char *) buf, sizeof(usr));
3614
3615 //test for nonprintable characters:
3616 for(i = 0; i < 20; i++)
3617 {
3618 if(usr[i] > 0 && usr[i] < 0x20) //found nonprintable char
3619 {
3620 cs_log("illegal username received");
3621 return -3;
3622 }
3623 }
3624 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", usr);
3625 }
3626 else
3627 {
3628 cs_add_violation(cl, NULL);
3629 return -2;
3630 }
3631 cs_log_dbg(D_TRACE, "ccc username received %s", usr);
3632
3633 cl->crypted = 1;
3634
3635 //CCCam only supports len=20 usr/pass. So we could have more than one user that matches the first 20 chars.
3636
3637 //receive password-CCCam encrypted Hash:
3638 i = cc_recv_to(cl, buf, 6);
3639 if(i < 0) { return -1; } // errors during receive!
3640 if(i != 6) // received invalid password length
3641 {
3642 cs_add_violation(cl, usr);
3643 return -2;
3644 }
3645
3646 cs_log_dbg(D_TRACE, "ccc passwdhash received %s", usr);
3647
3648 account = cfg.account;
3649 struct cc_crypt_block *save_block;
3650 if(!cs_malloc(&save_block, sizeof(struct cc_crypt_block)))
3651 { return -1; }
3652 memcpy(save_block, cc->block, sizeof(struct cc_crypt_block));
3653 int32_t found = 0;
3654 while(1)
3655 {
3656 while(account)
3657 {
3658 if(strncmp(usr, account->usr, 20) == 0)
3659 {
3660 memset(pwd, 0, sizeof(pwd));
3661 cs_strncpy(pwd, account->pwd, sizeof(pwd));
3662 found = 1;
3663 break;
3664 }
3665 account = account->next;
3666 }
3667
3668 if(!account)
3669 { break; }
3670
3671 // receive passwd / 'CCcam'
3672 memcpy(cc->block, save_block, sizeof(struct cc_crypt_block));
3673 cc_crypt(&cc->block[DECRYPT], (uint8_t *) pwd, strlen(pwd), ENCRYPT);
3674 cc_crypt(&cc->block[DECRYPT], buf, 6, DECRYPT);
3675 //cs_log_dump_dbg(D_CLIENT, buf, 6, "cccam: pwd check '%s':", buf); //illegal buf-bytes could kill the logger!
3676 if(memcmp(buf, "CCcam\0", 6) == 0) //Password Hash OK!
3677 { break; } //account is set
3678
3679 account = account->next;
3680 }
3681 NULLFREE(save_block);
3682
3683 if(cs_auth_client(cl, account, NULL)) //cs_auth_client returns 0 if account is valid/active/accessible
3684 {
3685 if(!found)
3686 { cs_log("account '%s' not found!", usr); }
3687 else
3688 { cs_log("password for '%s' invalid!", usr); }
3689 cs_add_violation(cl, usr);
3690 return -2;
3691 }
3692 if(cl->dup)
3693 {
3694 cs_log("account '%s' duplicate login, disconnect!", usr);
3695 return -3;
3696 }
3697 if(cl->disabled)
3698 {
3699 cs_log("account '%s' disabled, blocking+disconnect!", usr);
3700 cs_add_violation(cl, usr);
3701 return -2;
3702 }
3703 if(account->cccmaxhops < -1)
3704 {
3705 cs_log("account '%s' has cccmaxhops < -1, cccam can't handle this, disconnect!", usr);
3706 return -3;
3707 }
3708
3709 cs_log_dbg(D_TRACE, "ccc user authenticated %s", usr);
3710
3711 if(account->cccmaxhops == -1)
3712 { cs_log("account '%s' has cccmaxhops = -1: user will not see any card!", usr); }
3713
3714 if(!cs_malloc(&cc->prefix, strlen(cl->account->usr) + 20))
3715 { return -1; }
3716 snprintf(cc->prefix, strlen(cl->account->usr) + 20, "cccam(s) %s:", cl->account->usr);
3717
3718 #ifdef CS_CACHEEX
3719 if(cl->account->cacheex.mode < 2)
3720 #endif
3721 if(cl->tcp_nodelay == 0)
3722 {
3723 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
3724 cl->tcp_nodelay = 1;
3725 }
3726
3727 //Starting readers to get cards:
3728 cc_srv_wakeup_readers(cl);
3729
3730 // send passwd ack
3731 memset(buf, 0, 20);
3732 memcpy(buf, "CCcam\0", 6);
3733 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: send ack:");
3734 cc_crypt(&cc->block[ENCRYPT], buf, 20, ENCRYPT);
3735 send(cl->pfd, buf, 20, 0);
3736
3737 // recv cli data
3738 memset(buf, 0, CC_MAXMSGSIZE);
3739 i = cc_msg_recv(cl, buf, CC_MAXMSGSIZE-1);
3740 if(i < 0)
3741 { return -1; }
3742 cs_log_dump_dbg(D_CLIENT, buf, i, "cccam: cli data:");
3743
3744 if(i < 66)
3745 { cs_log_dbg(D_CLIENT, "cccam: cli data too small"); return -1; }
3746
3747 memcpy(cc->peer_node_id, buf + 24, 8);
3748 //chk_peer_node_for_oscam(cc);
3749
3750 ccversion_pos = 33;
3751 while(ccversion_pos+1 < i && ccversion_pos < 33+5 && buf[ccversion_pos] == 0)
3752 {
3753 ccversion_pos++;
3754 }
3755
3756 ccbuild_pos = 65;
3757 while(ccbuild_pos+1 < i && ccbuild_pos < 65+5 && buf[ccbuild_pos] == 0)
3758 {
3759 ccbuild_pos++;
3760 }
3761
3762 strncpy(cc->remote_version, (char *)buf + ccversion_pos, sizeof(cc->remote_version) - 1);
3763 strncpy(cc->remote_build, (char *)buf + ccbuild_pos, sizeof(cc->remote_build) - 1);
3764
3765 cs_log_dbg(D_CLIENT, "%s client '%s' (%s) running v%s (%s)", getprefix(), buf + 4,
3766 cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
3767
3768 // send cli data ack
3769 cc_cmd_send(cl, NULL, 0, MSG_CLI_DATA);
3770
3771 cs_log_dbg(D_TRACE, "ccc send srv_data %s", usr);
3772 if(cc_send_srv_data(cl) < 0)
3773 { return -1; }
3774
3775 cc->cccam220 = check_cccam_compat(cc);
3776 cc->just_logged_in = 1;
3777
3778 //Wait for Partner detection (NOK1 with data) before reporting cards
3779 //When Partner is detected, cccam220=1 is set. then we can report extended card data
3780 i = process_input(buf, CC_MAXMSGSIZE, 1);
3781 if(i <= 0 && i != -9)
3782 { return 0; } //disconnected
3783
3784 if(cc->cccam220)
3785 { cs_log_dbg(D_CLIENT, "%s extended sid mode activated", getprefix()); }
3786 else
3787 { cs_log_dbg(D_CLIENT, "%s 2.1.x compatibility mode", getprefix()); }
3788
3789 cs_log_dbg(D_TRACE, "ccc send cards %s", usr);
3790 if(!cc_srv_report_cards(cl))
3791 { return -1; }
3792 cs_ftime(&cc->ecm_time);
3793
3794 //some clients, e.g. mgcamd, does not support keepalive. So if not answered, keep connection
3795 // check for client timeout, if timeout occurs try to send keepalive
3796 cs_log_dbg(D_TRACE, "ccc connected and waiting for data %s", usr);
3797 return 0;
3798 }
3799
3800 void cc_srv_init2(struct s_client *cl)
3801 {
3802 if(!cl->init_done && !cl->kill)
3803 {
3804 if(IP_ISSET(cl->ip))
3805 { cs_log_dbg(D_CLIENT, "cccam: new connection from %s", cs_inet_ntoa(cl->ip)); }
3806
3807 cl->pfd = cl->udp_fd;
3808 int32_t ret;
3809 if((ret = cc_srv_connect(cl)) < 0)
3810 {
3811 if(errno != 0)
3812 { cs_log_dbg(D_CLIENT, "cccam: failed errno: %d (%s)", errno, strerror(errno)); }
3813 else
3814 { cs_log_dbg(D_CLIENT, "cccam: failed ret: %d", ret); }
3815 cs_disconnect_client(cl);
3816 }
3817 else
3818 {
3819 cl->init_done = 1;
3820 cc_cacheex_filter_out(cl);
3821 }
3822 }
3823 return;
3824 }
3825
3826 void *cc_srv_init(struct s_client *cl, uchar *UNUSED(mbuf), int32_t UNUSED(len))
3827 {
3828 cc_srv_init2(cl);
3829 return NULL;
3830 }
3831 #endif
3832
3833 int32_t cc_cli_connect(struct s_client *cl)
3834 {
3835 struct s_reader *rdr = cl->reader;
3836 struct cc_data *cc = cl->cc;
3837 rdr->card_status = CARD_FAILURE;
3838 cl->stopped = 0;
3839
3840 if(!cc)
3841 {
3842 // init internals data struct
3843 if(!cs_malloc(&cc, sizeof(struct cc_data)))
3844 { return -1; }
3845 cc_init_locks(cc);
3846 cc->cards = ll_create("cards");
3847 cl->cc = cc;
3848 cc->pending_emms = ll_create("pending_emms");
3849 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
3850 }
3851 else
3852 {
3853 cc_free_cardlist(cc->cards, 0);
3854 free_extended_ecm_idx(cc);
3855 }
3856 if(!cc->prefix)
3857 {
3858 if(!cs_malloc(&cc->prefix, strlen(cl->reader->label) + 20))
3859 { return -1; }
3860 }
3861 snprintf(cc->prefix, strlen(cl->reader->label) + 20, "cccam(r) %s:", cl->reader->label);
3862
3863 int32_t handle, n;
3864 uint8_t data[20];
3865 uint8_t hash[SHA_DIGEST_LENGTH];
3866 uint8_t *buf = cc->send_buffer;
3867 char pwd[64];
3868
3869 // check cred config
3870 if(rdr->device[0] == 0 || rdr->r_pwd[0] == 0 || rdr->r_usr[0] == 0
3871 || rdr->r_port == 0)
3872 {
3873 cs_log("%s configuration error!", rdr->label);
3874 return -5;
3875 }
3876
3877 // connect
3878 handle = network_tcp_connection_open(rdr);
3879 if(handle <= 0)
3880 {
3881 cs_log_dbg(D_READER, "%s network connect error!", rdr->label);
3882 return -1;
3883 }
3884 if(errno == EISCONN)
3885 {
3886 cc_cli_close(cl, 0);
3887 block_connect(rdr);
3888 return -1;
3889 }
3890
3891 int32_t no_delay = 1;
3892 if(cacheex_get_rdr_mode(rdr) < 2)
3893 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
3894
3895 // get init seed
3896 if((n = cc_recv_to(cl, data, 16)) != 16)
3897 {
3898 if(n <= 0)
3899 { cs_log("init error from reader %s", rdr->label); }
3900 else
3901 cs_log("%s server returned %d instead of 16 bytes as init seed (errno=%d %s)",
3902 rdr->label, n, errno, strerror(errno));
3903 cc_cli_close(cl, 0);
3904 block_connect(rdr);
3905 return -2;
3906 }
3907
3908 cc->ecm_counter = 0;
3909 cc->max_ecms = 0;
3910 cc->cmd05_mode = MODE_UNKNOWN;
3911 cc->cmd05_offset = 0;
3912 cc->cmd05_active = 0;
3913 cc->cmd05_data_len = 0;
3914 cc->extended_mode = 0;
3915 cc->last_emm_card = NULL;
3916 cc->num_hop1 = 0;
3917 cc->num_hop2 = 0;
3918 cc->num_hopx = 0;
3919 cc->num_reshare0 = 0;
3920 cc->num_reshare1 = 0;
3921 cc->num_reshare2 = 0;
3922 cc->num_resharex = 0;
3923 memset(&cc->cmd05_data, 0, sizeof(cc->cmd05_data));
3924 memset(&cc->receive_buffer, 0, sizeof(cc->receive_buffer));
3925 NULLFREE(cc->nok_message);
3926 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
3927
3928 cs_log_dump_dbg(D_CLIENT, data, 16, "cccam: server init seed:");
3929
3930 uint16_t sum = 0x1234;
3931 uint16_t recv_sum = (data[14] << 8) | data[15];
3932 int32_t i;
3933 for(i = 0; i < 14; i++)
3934 {
3935 sum += data[i];
3936 }
3937 //Create special data to detect oscam-cccam:
3938 cc->is_oscam_cccam = sum == recv_sum;
3939
3940 //detect multics seed
3941 uint8_t a = (data[0]^'M') + data[1] + data[2];
3942 uint8_t b = data[4] + (data[5]^'C') + data[6];
3943 uint8_t c = data[8] + data[9] + (data[10]^'S');
3944 if((a == data[3]) && (b == data[7]) && (c == data[11]))
3945 {
3946 cc->multics_mode = 1; //detected multics seed.
3947 cs_log_dbg(D_READER, "multics seed detected: %s", rdr->label);
3948 }
3949
3950 cc_xor(data); // XOR init bytes with 'CCcam'
3951
3952 SHA_CTX ctx;
3953 SHA1_Init(&ctx);
3954 SHA1_Update(&ctx, data, 16);
3955 SHA1_Final(hash, &ctx);
3956
3957 cs_log_dump_dbg(D_CLIENT, hash, sizeof(hash), "cccam: sha1 hash:");
3958
3959 //initialisate crypto states
3960 cc_init_crypt(&cc->block[DECRYPT], hash, 20);
3961 cc_crypt(&cc->block[DECRYPT], data, 16, DECRYPT);
3962 cc_init_crypt(&cc->block[ENCRYPT], data, 16);
3963 cc_crypt(&cc->block[ENCRYPT], hash, 20, DECRYPT);
3964
3965 cc_cmd_send(cl, hash, 20, MSG_NO_HEADER); // send crypted hash to server
3966
3967 memset(buf, 0, CC_MAXMSGSIZE);
3968 memcpy(buf, rdr->r_usr, strlen(rdr->r_usr));
3969 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", buf);
3970 cc_cmd_send(cl, buf, 20, MSG_NO_HEADER); // send usr '0' padded -> 20 bytes
3971
3972 memset(buf, 0, CC_MAXMSGSIZE);
3973 memset(pwd, 0, sizeof(pwd));
3974
3975 //cs_log_dbg(D_CLIENT, "cccam: 'CCcam' xor");
3976 memcpy(buf, "CCcam", 5);
3977 strncpy(pwd, rdr->r_pwd, sizeof(pwd) - 1);
3978 cc_crypt(&cc->block[ENCRYPT], (uint8_t *) pwd, strlen(pwd), ENCRYPT);
3979 cc_cmd_send(cl, buf, 6, MSG_NO_HEADER); // send 'CCcam' xor w/ pwd
3980
3981 if((n = cc_recv_to(cl, data, 20)) != 20)
3982 {
3983 cs_log("%s login failed, usr/pwd invalid", getprefix());
3984 cc_cli_close(cl, 0);
3985 block_connect(rdr);
3986 return -2;
3987 }
3988 cc_crypt(&cc->block[DECRYPT], data, 20, DECRYPT);
3989 cs_log_dump_dbg(D_CLIENT, data, 20, "cccam: login data");
3990
3991 if(memcmp(data, buf, 5)) // check server response
3992 {
3993 cs_log("%s login failed, usr/pwd invalid", getprefix());
3994 cc_cli_close(cl, 0);
3995 block_connect(rdr);
3996 return -2;
3997 }
3998 else
3999 {
4000 cs_log_dbg(D_READER, "%s login succeeded", getprefix());
4001 }
4002
4003 cs_log_dbg(D_READER, "cccam: last_s=%ld, last_g=%ld", rdr->last_s, rdr->last_g);
4004
4005 cl->pfd = cl->udp_fd;
4006 cs_log_dbg(D_READER, "cccam: pfd=%d", cl->pfd);
4007
4008 if(cc_send_cli_data(cl) <= 0)
4009 {
4010 cs_log("%s login failed, could not send client data", getprefix());
4011 cc_cli_close(cl, 0);
4012 block_connect(rdr);
4013 return -3;
4014 }
4015
4016 if (rdr->ftab.filts)
4017 {
4018 rdr->caid = rdr->ftab.filts[0].caid;
4019 rdr->nprov = rdr->ftab.filts[0].nprids;
4020 for(n = 0; n < rdr->nprov; n++)
4021 {
4022 rdr->prid[n][0] = rdr->ftab.filts[0].prids[n] >> 24;
4023 rdr->prid[n][1] = rdr->ftab.filts[0].prids[n] >> 16;
4024 rdr->prid[n][2] = rdr->ftab.filts[0].prids[n] >> 8;
4025 rdr->prid[n][3] = rdr->ftab.filts[0].prids[n] & 0xff;
4026 }
4027 }
4028
4029 rdr->card_status = CARD_NEED_INIT;
4030 rdr->last_g = rdr->last_s = time((time_t *) 0);
4031 rdr->tcp_connected = 1;
4032
4033 cc->just_logged_in = 1;
4034 cl->crypted = 1;
4035 cc->ecm_busy = 0;
4036
4037 cc_cacheex_filter_out(cl);
4038
4039 return 0;
4040 }
4041
4042 int32_t cc_cli_init_int(struct s_client *cl)
4043 {
4044 struct s_reader *rdr = cl->reader;
4045 if(rdr->tcp_connected)
4046 { return 1; }
4047
4048 if(rdr->tcp_ito < 15 && rdr->tcp_ito !=-1)
4049 { rdr->tcp_ito = 30; }
4050 if(rdr->cc_maxhops < 0)
4051 { rdr->cc_maxhops = DEFAULT_CC_MAXHOPS; }
4052
4053 if(rdr->tcp_rto < 1)
4054 { rdr->tcp_rto = 30; } // timeout to 30s
4055 cs_log_dbg(D_READER, "cccam: inactivity timeout: %d seconds, receive timeout: %d seconds", rdr->tcp_ito, rdr->tcp_rto);
4056 cc_check_version(rdr->cc_version, rdr->cc_build);
4057 cs_log_dbg(D_READER, "proxy reader: %s (%s:%d) cccam v%s build %s, maxhops: %d",
4058 rdr->label, rdr->device, rdr->r_port, rdr->cc_version,
4059 rdr->cc_build, rdr->cc_maxhops);
4060
4061 return 0;
4062 }
4063
4064 int32_t cc_cli_init(struct s_client *cl)
4065 {
4066 struct s_reader *reader = cl->reader;
4067
4068 int32_t res = cc_cli_init_int(cl); //Create socket
4069
4070 if(res == 0 && reader && (reader->cc_keepalive || !cl->cc) && !reader->tcp_connected)
4071 {
4072
4073 cc_cli_connect(cl); //connect to remote server
4074
4075 // while (!reader->tcp_connected && reader->cc_keepalive && cfg.reader_restart_seconds > 0) {
4076 //
4077 // if ((cc && cc->mode == CCCAM_MODE_SHUTDOWN))
4078 // return -1;
4079 //
4080 // if (!reader->tcp_connected) {
4081 // cc_cli_close(cl, 0);
4082 // res = cc_cli_init_int(cl);
4083 // if (res)
4084 // return res;
4085 // }
4086 // cs_log_dbg(D_READER, "%s restarting reader in %d seconds", reader->label, cfg.reader_restart_seconds);
4087 // cs_sleepms(cfg.reader_restart_seconds*1000);
4088 // cs_log_dbg(D_READER, "%s restarting reader...", reader->label);
4089 // cc_cli_connect(cl);
4090 // }
4091 }
4092 return res;
4093 }
4094
4095 /**
4096 * return 1 if we are able to send requests:
4097 *
4098 */
4099 int32_t cc_available(struct s_reader *rdr, int32_t checktype, ECM_REQUEST *er)
4100 {
4101 if(!rdr || !rdr->client) { return 0; }
4102
4103 struct s_client *cl = rdr->client;
4104 if(!cl) { return 0; }
4105 struct cc_data *cc = cl->cc;
4106
4107 if(er && cc && rdr->tcp_connected)
4108 {
4109 struct cc_card *card = get_matching_card(cl, er, 1);
4110 if(!card)
4111 { return 0; }
4112 }
4113 //cs_log_dbg(D_TRACE, "checking reader %s availibility", rdr->label);
4114 if(!cc || rdr->tcp_connected != 2)
4115 {
4116 //Two cases:
4117 // 1. Keepalive ON but not connected: Do NOT send requests,
4118 // because we can't connect - problem of full running pipes
4119 // 2. Keepalive OFF but not connected: Send requests to connect
4120 // pipe won't run full, because we are reading from pipe to
4121 // get the ecm request
4122 if(rdr->cc_keepalive)
4123 { return 0; }
4124 }
4125
4126 //if (er && er->ecmlen > 255 && cc && !cc->extended_mode && (cc->remote_build_nr < 3367))
4127 // return 0; // remote does not support large ecms!
4128
4129
4130 if(checktype == AVAIL_CHECK_LOADBALANCE && cc && cc->ecm_busy)
4131 {
4132 if(cc_request_timeout(cl))
4133 { cc_cycle_connection(cl); }
4134 if(!rdr->tcp_connected || cc->ecm_busy)
4135 {
4136 cs_log_dbg(D_TRACE, "checking reader %s availibility=0 (unavail)",
4137 rdr->label);
4138 return 0; //We are processing EMMs/ECMs
4139 }
4140 }
4141
4142 return 1;
4143 }
4144
4145 /**
4146 *
4147 *
4148 **/
4149 void cc_card_info(void)
4150 {
4151 struct s_client *cl = cur_client();
4152 struct s_reader *rdr = cl->reader;
4153
4154 if(rdr && !rdr->tcp_connected)
4155 { cc_cli_connect(cl); }
4156 }
4157
4158 void cc_cleanup(struct s_client *cl)
4159 {
4160 if(cl->typ != 'c')
4161 {
4162 cc_cli_close(cl, 1); // we need to close open fd's
4163 }
4164 cc_free(cl);
4165 }
4166
4167 void cc_update_nodeid(void)
4168 {
4169 if(array_has_nonzero_byte(cfg.cc_fixed_nodeid, sizeof(cfg.cc_fixed_nodeid)))
4170 {
4171 memcpy(cc_node_id, cfg.cc_fixed_nodeid, 8);
4172 return;
4173 }
4174 //Partner Detection:
4175 uint16_t sum = 0x1234; //This is our checksum
4176 int32_t i;
4177 get_random_bytes(cc_node_id, 4);
4178 for(i = 0; i < 4; i++)
4179 {
4180 sum += cc_node_id[i];
4181 }
4182
4183 // Partner ID:
4184 cc_node_id[4] = 0x10; // (Oscam 0x10, vPlugServer 0x11, Hadu 0x12,...)
4185 sum += cc_node_id[4];
4186
4187 // generate checksum for Partner ID:
4188 cc_node_id[5] = 0xAA;
4189 for(i = 0; i < 5; i++)
4190 {
4191 cc_node_id[5] ^= cc_node_id[i];
4192 }
4193 sum += cc_node_id[5];
4194
4195 cc_node_id[6] = sum >> 8;
4196 cc_node_id[7] = sum & 0xff;
4197
4198 memcpy(cfg.cc_fixed_nodeid, cc_node_id, 8);
4199 }
4200
4201 bool cccam_forward_origin_card(ECM_REQUEST *er)
4202 {
4203 if(cfg.cc_forward_origin_card && er->origin_card)
4204 {
4205 struct cc_card *card = er->origin_card;
4206 struct s_ecm_answer *eab = NULL;
4207 struct s_ecm_answer *ea;
4208 for(ea = er->matching_rdr; ea; ea = ea->next)
4209 {
4210 ea->status &= ~(READER_ACTIVE | READER_FALLBACK);
4211 if(card->origin_reader == ea->reader)
4212 { eab = ea; }
4213 }
4214 if(eab)
4215 {
4216 cs_log_dbg(D_LB, "loadbalancer: forward card: forced by card %d to reader %s", card->id, eab->reader->label);
4217 eab->status |= READER_ACTIVE;
4218 return true;
4219 }
4220 }
4221 return false;
4222 }
4223
4224 bool cccam_snprintf_cards_stat(struct s_client *cl, char *emmtext, size_t emmtext_sz)
4225 {
4226 struct cc_data *rcc = cl->cc;
4227 if(rcc)
4228 {
4229 LLIST *cards = rcc->cards;
4230 if(cards)
4231 {
4232 int32_t ncards = ll_count(cards);
4233 int32_t locals = rcc->num_hop1;
4234 snprintf(emmtext, emmtext_sz, " %3d/%3d card%s", locals, ncards, ncards > 1 ? "s " : " ");
4235 return true;
4236 }
4237 }
4238 return false;
4239 }
4240
4241 bool cccam_client_extended_mode(struct s_client *cl)
4242 {
4243 return cl && cl->cc && ((struct cc_data *)cl->cc)->extended_mode;
4244 }
4245
4246 bool cccam_client_multics_mode(struct s_client *cl)
4247 {
4248 return cl && cl->cc && ((struct cc_data *)cl->cc)->multics_mode == 2;
4249 }
4250
4251 void module_cccam(struct s_module *ph)
4252 {
4253 ph->desc = "cccam";
4254 ph->type = MOD_CONN_TCP;
4255 ph->large_ecm_support = 1;
4256 ph->listenertype = LIS_CCCAM;
4257 ph->num = R_CCCAM;
4258 ph->recv = cc_recv;
4259 ph->cleanup = cc_cleanup;
4260 ph->bufsize = 2048;
4261 ph->c_init = cc_cli_init;
4262 ph->c_idle = cc_idle;
4263 ph->c_recv_chk = cc_recv_chk;
4264 ph->c_send_ecm = cc_send_ecm;
4265 ph->c_send_emm = cc_send_emm;
4266 #ifdef MODULE_CCCSHARE
4267 IP_ASSIGN(ph->s_ip, cfg.cc_srvip);
4268 ph->s_handler = cc_srv_init;
4269 ph->s_init = cc_srv_init2;
4270 ph->s_idle = cc_s_idle;
4271 ph->send_dcw = cc_send_dcw;
4272 #endif
4273 ph->c_available = cc_available;
4274 ph->c_card_info = cc_card_info;
4275 cc_cacheex_module_init(ph);
4276
4277 cc_update_nodeid();
4278
4279 #ifdef MODULE_CCCSHARE
4280 int32_t i;
4281 for(i = 0; i < CS_MAXPORTS; i++)
4282 {
4283 if(!cfg.cc_port[i]) { break; }
4284 ph->ptab.ports[i].s_port = cfg.cc_port[i];
4285 ph->ptab.nports++;
4286 }
4287
4288 if(cfg.cc_port[0])
4289 { cccam_init_share(); }
4290 #endif
4291 }
4292 #endif
Open Source Conditional Access Modul