1 #define MODULE_LOG_PREFIX "client"
5 #include "cscrypt/md5.h"
6 #include "module-anticasc.h"
7 #include "module-cccam.h"
8 #include "module-webif.h"
9 #include "oscam-array.h"
10 #include "oscam-conf-chk.h"
11 #include "oscam-client.h"
12 #include "oscam-ecm.h"
13 #include "oscam-failban.h"
14 #include "oscam-garbage.h"
15 #include "oscam-lock.h"
16 #include "oscam-net.h"
17 #include "oscam-reader.h"
18 #include "oscam-string.h"
19 #include "oscam-time.h"
20 #include "oscam-work.h"
21 #include "reader-common.h"
22 #include "oscam-chk.h"
// Lock taken by cs_fake_client() around its duplicate-login handling.
24 extern CS_MUTEX_LOCK fakeuser_lock;
// Name of the OS user the process runs as; set in init_first_client() from pw_name
// and released in kill_all_clients().
26 static char *processUsername;
// Alternative hashed client list. Buckets are indexed by
// (client address / 16) % CS_CLIENT_HASHBUCKETS and chained through nexthashed.
27 static struct s_client *first_client_hashed[CS_CLIENT_HASHBUCKETS];
29 /* Gets the unique thread number from the client. Used in monitor and newcamd.
 * The lines shown walk the global client list from first_client->next and test
 * each entry for the same typ as the given client; the counting and the return
 * statement are on listing lines not shown in this excerpt.
 * NOTE(review): the visible lines take no clientlist_lock around the walk --
 * confirm whether the omitted lines or the callers hold it. */
30 int32_t get_threadnum(struct s_client *client)
35 for(cl = first_client->next; cl; cl = cl->next)
37 if(cl->typ == client->typ)
/* Looks up an account by user name: a linear walk of the cfg.account list that
 * compares name with each entry's usr via streq(). What is returned on a match
 * and at the end of the list is on listing lines not shown in this excerpt. */
50 struct s_auth *get_account_by_name(char *name)
52 struct s_auth *account;
53 for(account = cfg.account; (account); account = account->next)
55 if(streq(name, account->usr))
/* Checks a client pointer against the hashed client list.
 * In the lines shown the pointer is only converted to an integer to pick a
 * bucket and is never dereferenced; the chain of that bucket is then walked.
 * The comparison and the return values are on listing lines not shown here.
 * NOTE(review): the lookup is keyed on the address alone. If an s_client is
 * freed and a later allocation lands on the same address, a check of this
 * kind cannot tell the two sessions apart -- a positive answer means "some
 * live client has this address", not "this is still the same session". */
63 int8_t is_valid_client(struct s_client *client)
// same bucket formula as in create_client(), init_first_client() and free_client()
66 int32_t bucket = (uintptr_t)client / 16 % CS_CLIENT_HASHBUCKETS;
68 for(cl = first_client_hashed[bucket]; cl; cl = cl->nexthashed)
/* Returns "client" when the current client's typ is 'c', otherwise "remote server".
 * The result of cur_client() is dereferenced without a NULL check in the line shown. */
78 const char *remote_txt(void)
80 return cur_client()->typ == 'c' ? "client" : "remote server";
/* Picks a description string (ctyp) for the protocol a client uses.
 * Only the assignments are visible in this excerpt; the conditions that select
 * between them and the return statement are on listing lines not shown. */
83 const char *client_get_proto(struct s_client *cl)
// description derived from the reader attached to this client
98 ctyp = reader_get_type_desc(cl->reader, 1);
103 ctyp = "anticascader";
108 if(cccam_client_extended_mode(cl))
// otherwise the description of the client's module is used
115 ctyp = get_module(cl)->desc;
// Applies the account's duplicate-login policy (uniq) for a session that
// authenticated as usr from ip.
// The loop looks for other 'c' sessions that are not already marked dup and
// whose account carries the same user name. A session matches when uniq < 5
// and either uniq is odd or its source address differs from ip.
// In the lines shown, the session that loses gets aureader_list = NULL, a
// "set to fake" log entry, and a failban report when BAN_DUPLICATE is set in
// its failban mask. The statements that actually mark it are on listing lines
// not shown in this excerpt.
// The block comment that follows is closed on a listing line not shown here.
120 static void cs_fake_client(struct s_client *client, char *usr, int32_t uniq, IN_ADDR_T ip)
122 /* Uniq = 1: only one connection per user
124 * Uniq = 2: set (new connected) user only to fake if source
125 * ip is different (e.g. for newcamd clients with
126 * different CAID's -> Ports)
128 * Uniq = 3: only one connection per user, but only the last
129 * login will survive (old mpcs behavior)
131 * Uniq = 4: set user only to fake if source ip is
132 * different, but only the last login will survive
136 struct s_auth *account;
// the session being checked counts as the first connection
137 uint32_t con_count = 1;
138 cs_writelock(__func__, &fakeuser_lock);
// NOTE(review): this walk is done under fakeuser_lock only. create_client()
// links new entries under clientlist_lock, which the lines shown here never take.
140 for(cl = first_client->next; cl; cl = cl->next)
142 account = cl->account;
143 if(cl != client && cl->typ == 'c' && !cl->dup && account && streq(account->usr, usr)
144 && uniq < 5 && ((uniq % 2) || !IP_EQUAL(cl->ip, ip)))
// duplicates are tolerated up to the account's max_connections
149 if(con_count <= account->max_connections)
// uniq 3 and 4: the session that was already connected is the one set to fake
154 if(uniq == 3 || uniq == 4)
157 cl->aureader_list = NULL;
// One address is copied into buf before cs_inet_ntoa() is called again in the
// log statement -- presumably because it returns a shared buffer; confirm.
158 cs_strncpy(buf, cs_inet_ntoa(cl->ip), sizeof(buf));
159 cs_log("client(%8lX) duplicate user '%s' from %s (prev %s) set to fake (uniq=%d)",
160 (unsigned long)cl->thread, usr, cs_inet_ntoa(ip), buf, uniq);
162 if(cl->failban & BAN_DUPLICATE)
164 cs_add_violation(cl, usr);
// NOTE(review): the lock is dropped for the sleep and re-taken afterwards. If
// this runs inside the loop above, cl can be unlinked by another thread in the
// meantime -- confirm how the omitted lines protect the following cl->next step.
169 cs_writeunlock(__func__, &fakeuser_lock);
170 cs_sleepms(120); // short pause to throttle clients that reconnect rapidly
172 cs_writelock(__func__, &fakeuser_lock);
// other policies: the session that just logged in is the one set to fake
178 client->aureader_list = NULL;
179 cs_strncpy(buf, cs_inet_ntoa(ip), sizeof(buf));
180 cs_log("client(%8lX) duplicate user '%s' from %s (current %s) set to fake (uniq=%d)",
181 (unsigned long)pthread_self(), usr, cs_inet_ntoa(cl->ip), buf, uniq);
183 if(client->failban & BAN_DUPLICATE)
// here the violation is recorded by source address and listening port rather than by client
185 cs_add_violation_by_ip(ip, get_module(client)->ptab.ports[client->port_idx].s_port, usr);
190 cs_writeunlock(__func__, &fakeuser_lock); // we need to unlock here as cs_disconnect_client kills the current thread!
191 cs_sleepms(120); // short pause to throttle clients that reconnect rapidly
192 cs_disconnect_client(client);
193 cs_writelock(__func__, &fakeuser_lock);
199 cs_writeunlock(__func__, &fakeuser_lock);
202 /* Resolves the ip of the hostname of the specified account and saves it in account->dynip.
   If the hostname is not configured, the ip is set to 0.
   The previous address is kept in lastip so that a change can be logged.
   NOTE(review): cs_auth_client() compares the client's source address with
   account->dynip, so that check is only as trustworthy as the resolver path
   behind cs_resolve(). How lookup failures and stale answers are handled is
   not visible in this excerpt -- confirm. */
204 static void cs_user_resolve(struct s_auth *account)
209 IP_ASSIGN(lastip, account->dynip);
210 cs_resolve(account->dyndns, &account->dynip, NULL, NULL);
// log only when the resolved address actually changed
212 if(!IP_EQUAL(lastip, account->dynip))
214 cs_log("%s: resolved ip=%s", account->dyndns, cs_inet_ntoa(account->dynip));
// branch for the "hostname not configured" case described above (condition not shown)
219 set_null_ip(&account->dynip);
223 /* Returns the username from the client. You will always get a char reference back (no NULLs, but it may be
   a string containing "NULL"), which you should never modify and never free()!
   For typ 's', 'h' and 'a' the pointer returned is processUsername itself (or the literal "NULL").
   For 'c'/'m' the account and for 'r'/'p' the reader is consulted; how the name is taken from them
   is on listing lines not shown in this excerpt.
   NOTE(review): kill_all_clients() releases processUsername with NULLFREE, so a pointer obtained
   here for those types must not be kept across shutdown. */
225 const char *username(struct s_client *client)
227 if(!check_client(client))
232 if(client->typ == 's' || client->typ == 'h' || client->typ == 'a')
234 return processUsername ? processUsername : "NULL";
237 if(client->typ == 'c' || client->typ == 'm')
239 struct s_auth *acc = client->account;
256 else if(client->typ == 'r' || client->typ == 'p')
258 struct s_reader *rdr = client->reader;
/* Allocates a client record for a connection from ip and links it into both
 * the plain client list and the hashed list, under clientlist_lock.
 * An allocation failure is logged as "max connections reached" together with
 * the peer address. The return statements are on listing lines not shown here. */
268 struct s_client *create_client(IN_ADDR_T ip)
271 if(!cs_malloc(&cl, sizeof(struct s_client)))
273 cs_log("max connections reached (out of memory) -> reject client %s",
274 IP_ISSET(ip) ? cs_inet_ntoa(ip) : "with null address");
280 IP_ASSIGN(cl->ip, ip);
// Until cs_auth_client() attaches a real account, the new session points at
// the master client's account (allocated in init_first_client()).
281 cl->account = first_client->account;
284 SAFE_MUTEX_INIT(&cl->thread_lock, NULL);
285 cl->login = cl->last = time(NULL);
// NOTE(review): rand() is a predictable generator. How tid is used is not
// visible in this excerpt; if it is ever relied on as a value a peer must not
// be able to guess, it needs a different source.
286 cl->tid = (uint32_t)rand();
288 //Now add new client to the list:
289 struct s_client *last;
290 cs_writelock(__func__, &clientlist_lock);
292 for(last = first_client; last && last->next; last = last->next)
293 { ; } // empty body: the loop only advances `last` to the final list entry
// push onto the front of the hash bucket chosen from the record's address
300 int32_t bucket = (uintptr_t)cl / 16 % CS_CLIENT_HASHBUCKETS;
301 cl->nexthashed = first_client_hashed[bucket];
302 first_client_hashed[bucket] = cl;
304 cs_writeunlock(__func__, &clientlist_lock);
309 /* Creates the master client of OSCam and inits some global variables/mutexes.
 * Visible steps: record the name of the OS user the process runs as, allocate
 * first_client, reset the hashed client list and insert first_client into it,
 * give first_client an empty account, and register it as this thread's client
 * via pthread_setspecific(). Each failure prints a message to stderr; what
 * follows the message is on listing lines not shown in this excerpt. */
310 void init_first_client(void)
312 // get username OScam is running under
314 struct passwd *pwdbuf;
// Two ways of reading the passwd entry are visible (getpwuid and getpwuid_r);
// how one is selected is on listing lines not shown -- presumably a build-time switch.
// NOTE(review): getpwuid() returns a pointer to storage owned by the C library
// and NULL on failure. Whether pwdbuf is checked before the memcpy below is
// not visible here. Only pw_name is duplicated; the other pointers copied into
// pwd still refer to the library's storage.
317 pwdbuf = getpwuid(getuid()); // original remark: "This is safe" -- presumably because this runs once at startup; confirm
320 memcpy(&pwd, pwdbuf, sizeof(pwd));
321 processUsername = cs_strdup(pwd.pw_name);
// NOTE(review): getpwuid_r() can return 0 and still leave the result pointer
// NULL when no entry matches. The visible condition tests only the return
// value; confirm that pwdbuf is checked before pw_name is read.
325 if(getpwuid_r(getuid(), &pwd, buf, sizeof(buf), &pwdbuf) == 0)
327 processUsername = cs_strdup(pwd.pw_name);
331 if(!cs_malloc(&first_client, sizeof(struct s_client)))
333 fprintf(stderr, "Could not allocate memory for master client, exiting...");
// empty every bucket, then insert the master client with the usual address hash
337 memset(first_client_hashed, 0, sizeof(first_client_hashed));
338 int32_t bucket = (uintptr_t)first_client / 16 % CS_CLIENT_HASHBUCKETS;
339 first_client_hashed[bucket] = first_client;
341 first_client->next = NULL; // terminate clients list with NULL
342 first_client->login = time(NULL);
343 first_client->typ = 's';
344 first_client->thread = pthread_self();
345 set_localhost_ip(&first_client->ip);
// This account is what create_client() and the reject paths of
// cs_auth_client() and cs_reinit_clients() point a session at.
347 struct s_auth *null_account;
348 if(!cs_malloc(&null_account, sizeof(struct s_auth)))
350 fprintf(stderr, "Could not allocate memory for master account, exiting...");
354 first_client->account = null_account;
// a non-zero return from pthread_setspecific() is treated as an error
355 if(pthread_setspecific(getclient, first_client))
357 fprintf(stderr, "Could not setspecific getclient in master process, exiting...");
/* Binds the result of an authentication attempt to a client session and logs it.
 *
 * account is overloaded: the value 0 means "reject", -1 means "grant
 * anonymously", and anything else is used as a pointer to the matching account
 * (see the switch on (intptr_t)account). e_txt, when non-NULL, replaces the
 * default text in the log line.
 *
 * Checks visible in this excerpt, in order: account disabled, listener type
 * not contained in account->allowedprotocols, and -- for accounts with dyndns
 * set -- the client address must equal account->dynip (one re-resolve is
 * attempted on mismatch). Each failure is reported through cs_add_violation().
 * The return value (rc) is assigned on listing lines not shown here.
 *
 * NOTE(review): e_txt and username(client) are written to the log with %s.
 * Where e_txt comes from is not visible in this excerpt; if it can carry bytes
 * chosen by the remote peer, the log sink has to neutralise control characters.
 */
362 int32_t cs_auth_client(struct s_client *client, struct s_auth *account, const char *e_txt)
365 uint8_t md5tmp[MD5_DIGEST_LENGTH];
369 char *t_crypt = "encrypted";
370 char *t_plain = "plain";
371 char *t_grant = " granted";
372 char *t_reject = " rejected";
// t_msg[0] is the scratch buffer buf; it is filled with "lvl=..." or "au=..." further down
373 char *t_msg[] = { buf, "invalid access", "invalid ip", "unknown reason", "protocol not allowed" };
374 struct s_module *module = get_module(client);
// Start with every group bit set; replaced by account->grp on the grant path below.
376 memset(&client->grp, 0xff, sizeof(uint64_t));
377 //client->grp=0xffffffffffffff;
// a real account pointer (neither sentinel) that is disabled: report and log
378 if((intptr_t)account != 0 && (intptr_t)account != -1 && account->disabled)
380 cs_add_violation(client, account->usr);
381 cs_log("%s %s-client %s%s (%s%sdisabled account)",
382 client->crypted ? t_crypt : t_plain,
384 IP_ISSET(client->ip) ? cs_inet_ntoa(client->ip) : "",
// t_reject + 1 skips the leading blank when no address is printed
385 IP_ISSET(client->ip) ? t_reject : t_reject + 1,
391 // check whether client comes in over allowed protocol
// a non-zero allowedprotocols mask must contain every bit of the module's listenertype
392 if((intptr_t)account != 0 && (intptr_t)account != -1 && (intptr_t)account->allowedprotocols &&
393 (((intptr_t)account->allowedprotocols & module->listenertype) != module->listenertype))
395 cs_add_violation(client, account->usr);
396 cs_log("%s %s-client %s%s (%s%sprotocol not allowed)",
397 client->crypted ? t_crypt : t_plain,
399 IP_ISSET(client->ip) ? cs_inet_ntoa(client->ip) : "",
400 IP_ISSET(client->ip) ? t_reject : t_reject + 1,
// Default binding: the master client's account. Only the grant path replaces it.
406 client->account = first_client->account;
407 switch((intptr_t)account)
409 case 0: // reject access
// no user name is known for this violation, hence NULL
412 cs_add_violation(client, NULL);
413 cs_log("%s %s-client %s%s (%s)",
414 client->crypted ? t_crypt : t_plain,
416 IP_ISSET(client->ip) ? cs_inet_ntoa(client->ip) : "",
417 IP_ISSET(client->ip) ? t_reject : t_reject + 1,
418 e_txt ? e_txt : t_msg[rc]);
422 default: // grant/check access
// Source-address binding for accounts with a dyndns host name: on mismatch the
// name is resolved once more, and a second mismatch is reported as a violation.
424 if(IP_ISSET(client->ip) && account->dyndns)
426 if(!IP_EQUAL(client->ip, account->dynip))
427 { cs_user_resolve(account); }
428 if(!IP_EQUAL(client->ip, account->dynip))
430 cs_add_violation(client, account->usr);
435 client->monlvl = account->monlvl;
436 client->account = account;
441 if(client->typ == 'c' || client->typ == 'm')
// pcrc is a 32-bit CRC over the MD5 digest of the account password.
// cs_reinit_clients() recomputes it after a config reload and keeps the session
// only when the values are equal, i.e. it serves as a change detector.
// NOTE(review): 32 bits cannot rule out a changed password that maps to the
// same value; pcrc must not be treated as proof that the password is unchanged
// when that matters for revocation.
443 client->pcrc = crc32(0L, MD5((uint8_t *)(ESTR(account->pwd)), strlen(ESTR(account->pwd)), md5tmp), MD5_DIGEST_LENGTH);
446 if(client->typ == 'c')
448 client->last_caid = NO_CAID_VALUE;
449 client->last_provid = NO_PROVID_VALUE;
450 client->last_srvid = NO_SRVID_VALUE;
// copy the account's limits into the session
451 client->expirationdate = account->expirationdate;
452 client->disabled = account->disabled;
453 client->allowedtimeframe_set =account->allowedtimeframe_set;
// element-wise copy of the allowed-time table: SIZE_SHORTDAY x 24 entries, two values each
455 for(i = 0; i < SIZE_SHORTDAY; i++)
457 for(j = 0; j < 24; j++)
459 client->allowedtimeframe[i][j][0] = account->allowedtimeframe[i][j][0];
460 client->allowedtimeframe[i][j][1] = account->allowedtimeframe[i][j][1];
// remember when this account logged in for the first time
464 if(account->firstlogin == 0)
466 account->firstlogin = time((time_t *)0);
469 client->failban = account->failban;
470 client->c35_suppresscmd08 = account->c35_suppresscmd08;
471 client->ncd_keepalive = account->ncd_keepalive;
472 client->grp = account->grp;
// plain assignment: session and account refer to the same list afterwards
473 client->aureader_list = account->aureader_list;
474 client->autoau = account->autoau;
// account->tosleep is multiplied by 60 -- presumably minutes to seconds; confirm
475 client->tosleep = (60 * account->tosleep);
476 client->c35_sleepsend = account->c35_sleepsend;
477 caidtab_clone(&account->ctab, &client->ctab);
// duplicate-login policy for this account
481 cs_fake_client(client, account->usr, account->uniq, client->ip);
// NOTE(review): cltab is copied by plain assignment, while ftab, fchid, ctab
// and ttab go through *_clone(). free_client() passes cl->cltab.aclass and
// cl->cltab.bclass to NULLFREE, so if those members are heap pointers this
// copy shares them with the account -- confirm that they cannot be released
// through the session while the account still uses them.
484 client->cltab = account->cltab; // CLASS filter
485 ftab_clone(&account->ftab, &client->ftab); // IDENT filter
486 ftab_clone(&account->fchid, &client->fchid); // CHID filter
487 client->sidtabs.ok = account->sidtabs.ok; // services
488 client->sidtabs.no = account->sidtabs.no; // services
489 tuntab_clone(&account->ttab, &client->ttab);
490 ac_init_client(client, account);
495 case -1: // anonymous grant access
503 if(client->typ == 'm')
// t_msg[0] is buf, so sizeof(buf) is the matching bound
505 snprintf(t_msg[0], sizeof(buf), "lvl=%d", client->monlvl);
509 int32_t rcount = ll_count(client->aureader_list);
// "au=" occupies three characters; the state text is written right behind it
510 snprintf(buf, sizeof(buf), "au=");
514 snprintf(buf + 3, sizeof(buf) - 3, "off");
520 snprintf(buf + 3, sizeof(buf) - 3, "auto (%d reader)", rcount);
524 snprintf(buf + 3, sizeof(buf) - 3, "on (%d reader)", rcount);
530 cs_log("%s %s-client %s%s (%s, %s)",
531 client->crypted ? t_crypt : t_plain,
532 e_txt ? e_txt : module->desc,
533 IP_ISSET(client->ip) ? cs_inet_ntoa(client->ip) : "",
534 IP_ISSET(client->ip) ? t_grant : t_grant + 1,
535 username(client), t_msg[rc]);
/* Logs that a client disconnected (with its address when one is set) and then
 * ends the session. What happens when client is the calling thread's own
 * client, and otherwise, is on listing lines not shown in this excerpt;
 * cs_fake_client() notes that this call kills the current thread. */
543 void cs_disconnect_client(struct s_client *client)
// snprintf() bounds the write to 32 bytes, so a long textual address is
// truncated in the log line rather than written past buf.
545 char buf[32] = { 0 };
547 if(IP_ISSET(client->ip))
549 snprintf(buf, sizeof(buf), " from %s", cs_inet_ntoa(client->ip));
552 cs_log("%s disconnected%s", username(client), buf);
554 if(client == cur_client())
/* Walks the client list and handles every 'c' and 'm' client, logging
 * "killing client <user>" for it; the call that actually ends the client is on
 * listing lines not shown in this excerpt. Finally releases processUsername. */
564 void kill_all_clients(void)
567 for(cl = first_client->next; cl; cl = cl->next)
569 if(cl->typ == 'c' || cl->typ == 'm')
// NOTE(review): cl->account is dereferenced here; whether the omitted lines
// guard against a NULL account is not visible.
573 cs_log("killing client %s", cl->account->usr);
// username() hands out this pointer for typ 's', 'h' and 'a'; it is gone after this line
578 NULLFREE(processUsername);
/* Re-binds live 'c' and 'm' sessions to a freshly loaded account list.
 *
 * For each such session the new list is searched for an account with the same
 * user name. The session is kept only if that account exists, is not disabled
 * and the stored password fingerprint (pcrc) equals the one computed from the
 * new password; its limits, filters and failban mask are then refreshed from
 * the new account, so changes to them reach sessions that are already connected.
 * Otherwise the session is pointed back at the master client's account; what
 * else happens to it is on listing lines not shown in this excerpt.
 *
 * NOTE(review): pcrc is a 32-bit CRC over an MD5 digest. A password change is
 * detected only if the two 32-bit values differ. */
581 void cs_reinit_clients(struct s_auth *new_accounts)
583 struct s_auth *account;
584 uint8_t md5tmp[MD5_DIGEST_LENGTH];
589 for(cl = first_client->next; cl; cl = cl->next)
591 if((cl->typ == 'c' || cl->typ == 'm') && cl->account)
// find the account with the same user name in the new list
593 for(account = new_accounts; (account) ; account = account->next)
595 if(!strcmp(cl->account->usr, account->usr))
// keep the session only for an enabled account whose password fingerprint is unchanged
601 if(account && !account->disabled && cl->pcrc == crc32(0L, MD5((uint8_t *)ESTR(account->pwd), strlen(ESTR(account->pwd)), md5tmp), MD5_DIGEST_LENGTH))
603 cl->account = account;
606 cl->grp = account->grp;
607 cl->aureader_list = account->aureader_list;
608 cl->autoau = account->autoau;
609 cl->expirationdate = account->expirationdate;
610 cl->allowedtimeframe_set = account->allowedtimeframe_set;
// element-wise copy of the allowed-time table, as in cs_auth_client()
612 for(i = 0; i < SIZE_SHORTDAY; i++)
614 for(j = 0; j < 24; j++)
616 cl->allowedtimeframe[i][j][0] = account->allowedtimeframe[i][j][0];
617 cl->allowedtimeframe[i][j][1] = account->allowedtimeframe[i][j][1];
621 cl->ncd_keepalive = account->ncd_keepalive;
622 cl->c35_suppresscmd08 = account->c35_suppresscmd08;
623 cl->tosleep = (60 * account->tosleep);
624 cl->c35_sleepsend = account->c35_sleepsend;
625 cl->monlvl = account->monlvl;
626 cl->disabled = account->disabled;
// NOTE(review): plain assignment of cltab, as in cs_auth_client(). free_client()
// passes cl->cltab.aclass and cl->cltab.bclass to NULLFREE; if those members are
// heap pointers, confirm that they are not shared with the account here.
627 cl->cltab = account->cltab; // Class
629 // newcamd module doesn't like ident reloading
632 ftab_clone(&account->ftab, &cl->ftab); // IDENT filter
633 ftab_clone(&account->fchid, &cl->fchid); // CHID filter
636 cl->sidtabs.ok = account->sidtabs.ok; // services
637 cl->sidtabs.no = account->sidtabs.no; // services
638 cl->failban = account->failban;
640 caidtab_clone(&account->ctab, &cl->ctab);
641 tuntab_clone(&account->ttab, &cl->ttab);
643 webif_client_reset_lastresponsetime(cl);
// uniq 1 and 2 are passed on as 3 and 4 ("only the last login will survive" in
// cs_fake_client's table); the reason for the mapping is not stated in this excerpt.
647 cs_fake_client(cl, account->usr, (account->uniq == 1 || account->uniq == 2) ? account->uniq + 2 : account->uniq, cl->ip);
650 ac_init_client(cl, account);
// no matching account, account disabled, or password changed
655 if(get_module(cl)->type & MOD_CONN_NET)
657 cs_log_dbg(D_TRACE, "client '%s', thread=%8lX not found in db (or password changed)", cl->account->usr, (unsigned long)cl->thread);
// the session no longer refers to an entry of the account list
662 cl->account = first_client->account;
/* Periodic health check for one client: queues idle actions for sessions that
 * have been silent for too long and, for reader clients, triggers the reader
 * checks. Which client types reach which part is decided on listing lines not
 * shown in this excerpt.
 *
 * Idle time is measured as time(NULL) - cl->last. For user sessions
 * account->umaxidle is consulted first: a positive value is the per-user
 * limit, and -1 selects the global cfg.cmaxidle (tested only when it is
 * non-zero). What a value of 0 leads to is on a line not shown here.
 * NOTE(review): time(NULL) is wall-clock time, so a clock adjustment shifts
 * these comparisons. */
673 void client_check_status(struct s_client *cl)
// nothing to do for a missing client, one being killed, or one not fully initialised
675 if(!cl || cl->kill || !cl->init_done)
// CCcam listener: more than 12 seconds without activity
684 if((get_module(cl)->listenertype & LIS_CCCAM) && cl->last && (time(NULL) - cl->last) > (time_t)12)
686 add_job(cl, ACTION_CLIENT_IDLE, NULL, 0);
689 // umaxidle is checked first; it takes priority over cmaxidle
690 if(!cl->account->umaxidle)
695 // Check user for exceeding umaxidle by checking cl->last, except Newcamd (with keepalive) & Gbox
696 if(!(cl->ncd_keepalive && (get_module(cl)->listenertype & LIS_NEWCAMD)) && !(get_module(cl)->listenertype & LIS_GBOX) && cl->account->umaxidle >0 && cl->last && (time(NULL) - cl->last) > (time_t)cl->account->umaxidle)
698 add_job(cl, ACTION_CLIENT_IDLE, NULL, 0);
701 // Check clients for exceeding cmaxidle by checking cl->last, except Newcamd (with keepalive) & Gbox
702 if(!(cl->ncd_keepalive && (get_module(cl)->listenertype & LIS_NEWCAMD)) && !(get_module(cl)->listenertype & LIS_GBOX) && cl->last && cl->account->umaxidle ==-1 && cfg.cmaxidle && (time(NULL) - cl->last) > (time_t)cfg.cmaxidle)
704 add_job(cl, ACTION_CLIENT_IDLE, NULL, 0);
// Gbox peers: idle longer than cfg.gbox_reconnect queues a peer-idle action
708 if((get_module(cl)->listenertype & LIS_GBOX) && cl->last && (time(NULL) - cl->last) > (time_t)cfg.gbox_reconnect)
710 add_job(cl, ACTION_PEER_IDLE, NULL, 0);
716 cardreader_checkhealth(cl, cl->reader);
721 struct s_reader *rdr = cl->reader;
722 if(!rdr || !rdr->enable || !rdr->active) // reader is disabled or restarting at this moment
727 // run the reader idle action on proxy readers after a certain time (rdr->tcp_ito = inactivitytimeout)
728 // disconnect when no keepalive available
729 if((rdr->tcp_ito && is_cascading_reader(rdr)) || (rdr->typ == R_CCCAM) || (rdr->typ == R_CAMD35) || (rdr->typ == R_CS378X) || (rdr->typ == R_SCAM) || (rdr->tcp_ito != 0 && rdr->typ == R_RADEGAST))
731 time_t now = time(NULL);
// absolute difference, so a clock that moved backwards still triggers the check;
// the llabs() result is narrowed to int32_t here
732 int32_t time_diff = llabs(now - rdr->last_check);
734 if(time_diff > 60 || (time_diff > 12 && (rdr->typ == R_CCCAM || rdr->typ == R_CAMD35 || rdr->typ == R_CS378X)) || ((time_diff > (rdr->tcp_rto?rdr->tcp_rto:60)) && rdr->typ == R_RADEGAST)) // once per minute; after more than 12 s for cccam/camd35/cs378x; for radegast after tcp_rto (60 s when it is 0)
736 add_job(rdr->client, ACTION_READER_IDLE, NULL, 0);
737 rdr->last_check = now;
745 void free_client(struct s_client
*cl
)
752 struct s_reader
*rdr
= cl
->reader
;
754 // Remove client from client list. kill_thread also removes this client, so here just if client exits itself...
755 struct s_client
*prev
, *cl2
;
756 cs_writelock(__func__
, &clientlist_lock
);
758 if(!cl
->kill_started
)
760 cl
->kill_started
= 1;
764 cs_writeunlock(__func__
, &clientlist_lock
);
765 cs_log("[free_client] ERROR: free already started!");
770 for(prev
= first_client
, cl2
= first_client
->next
; prev
->next
!= NULL
; prev
= prev
->next
, cl2
= cl2
->next
)
778 if(cl
== cl2
) // Remove client from list
780 prev
->next
= cl2
->next
;
783 int32_t bucket
= (uintptr_t)cl
/ 16 % CS_CLIENT_HASHBUCKETS
;
785 // Remove client from hashed list
786 if(first_client_hashed
[bucket
] == cl
)
788 first_client_hashed
[bucket
] = cl
->nexthashed
;
792 for(prev
= first_client_hashed
[bucket
], cl2
= first_client_hashed
[bucket
]->nexthashed
;
793 prev
->nexthashed
!= NULL
; prev
= prev
->nexthashed
, cl2
= cl2
->nexthashed
)
803 prev
->nexthashed
= cl2
->nexthashed
;
807 cs_writeunlock(__func__
, &clientlist_lock
);
808 cleanup_ecmtasks(cl
);
810 // Clean reader. The cleaned structures should only be used by the reader thread, so we should be safe without waiting
813 ll_destroy_data(&rdr
->emmstat
);
814 remove_reader_from_active(rdr
);
816 cs_sleepms(1000); // just wait a bit that really really nobody is accessing client data
825 cardreader_close(rdr
);
830 network_tcp_connection_close(rdr
, "cleanup");
836 // Clean client specific data
840 cl
->last_caid
= NO_CAID_VALUE
;
841 cl
->last_provid
= NO_PROVID_VALUE
;
842 cl
->last_srvid
= NO_SRVID_VALUE
;
845 cs_sleepms(1000); // just wait a bit that really really nobody is accessing client data
848 struct s_module
*module
= get_module(cl
);
854 // Close network socket if not already cleaned by previous cleanup functions
860 // Clean all remaining structures
862 NULLFREE(cl
->work_mbuf
);
866 add_garbage(cl
->ecmtask
);
870 ll_destroy_data(&cl
->cascadeusers
);
872 ftab_clear(&cl
->ftab
);
873 ftab_clear(&cl
->fchid
);
874 tuntab_clear(&cl
->ttab
);
875 caidtab_clear(&cl
->ctab
);
877 NULLFREE(cl
->cltab
.aclass
);
878 NULLFREE(cl
->cltab
.bclass
);
880 NULLFREE(cl
->cw_rass
);
881 ll_destroy_data(&cl
->ra_buf
);
882 NULLFREE(cl
->aes_keys
);
888 add_garbage(cl
->serialdata
);