search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- fix for ticker #4787
[oscam.git] / module-camd35.c
blobf8131e5f6f629213d24c0ca9ade0bfcd25dc6342
1 #define MODULE_LOG_PREFIX "camd35"
2
3 #include "globals.h"
4 #if defined MODULE_CAMD35 || defined MODULE_CAMD35_TCP
5
6 #include "cscrypt/md5.h"
7 #include "module-cacheex.h"
8 #include "module-camd35.h"
9 #include "module-camd35-cacheex.h"
10 #include "oscam-aes.h"
11 #include "oscam-chk.h"
12 #include "oscam-cache.h"
13 #include "oscam-client.h"
14 #include "oscam-ecm.h"
15 #include "oscam-emm.h"
16 #include "oscam-net.h"
17 #include "oscam-string.h"
18 #include "oscam-reader.h"
19
20 //CMD00 - ECM (request)
21 //CMD01 - ECM (response)
22 //CMD02 - EMM (in clientmode - set EMM, in server mode - EMM data) - obsolete
23 //CMD03 - ECM (cascading request)
24 //CMD04 - ECM (cascading response)
25 //CMD05 - EMM (emm request) send cardata/cardinfo to client
26 //CMD06 - EMM (incomming EMM in server mode)
27 //CMD19 - EMM (incomming EMM in server mode) only seen with caid 0x1830
28 //CMD08 - Stop sending requests to the server for current srvid, prvid, caid
29 //CMD44 - MPCS/OScam internal error notification
30 //CMD55 - connect_on_init/keepalive
31
32 //CMD0x3c - CACHEEX Cache-push filter request
33 //CMD0x3d - CACHEEX Cache-push id request
34 //CMD0x3e - CACHEEX Cache-push id answer
35 //CMD0x3f - CACHEEX cache-push
36
37 //used variable ncd_skey for storing remote node id: ncd_skey[0..7] : 8
38 //bytes node id ncd_skey[8] : 1=valid node id received
39
40 #define REQ_SIZE 20 + MAX_ECM_SIZE + 0x34
41
42 static int32_t __camd35_send(struct s_client *cl, uint8_t *buf, int32_t buflen, int answer_awaited)
43 {
44 int32_t l, status;
45 uint8_t rbuf[4 + REQ_SIZE + 15];
46 uint8_t *sbuf = rbuf + 4;
47
48 if(!cl->udp_fd || !cl->crypted)
49 {
50 return -1; // exit if no fd or aes key not set
51 }
52
53 // Fix ECM len > 255
54 if(buflen <= 0)
55 {
56 buflen = (buf[0] == 0) ? (((buf[21] & 0x0F) << 8) | buf[22]) + 3 : buf[1];
57 }
58 l = 20 + (((buf[0] == 3) || (buf[0] == 4)) ? 0x34 : 0) + buflen;
59
60 memcpy(rbuf, cl->ucrc, 4);
61 memcpy(sbuf, buf, l);
62 memset(sbuf + l, 0xFF, 15); // set unused space to 0xFF for newer camd3's
63 i2b_buf(4, crc32(0L, sbuf + 20, buflen), sbuf + 4);
64 l = boundary(4, l);
65
66 cs_log_dump_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, sbuf, l, "send %d bytes to %s", l, username(cl));
67
68 aes_encrypt_idx(cl->aes_keys, sbuf, l);
69
70 if(cl->is_udp)
71 {
72 status = sendto(cl->udp_fd, rbuf, l + 4, 0, (struct sockaddr *)&cl->udp_sa, cl->udp_sa_len);
73 if(status == -1)
74 {
75 set_null_ip(&SIN_GET_ADDR(cl->udp_sa));
76 }
77 }
78 else
79 {
80 status = send(cl->udp_fd, rbuf, l + 4, 0);
81
82 if(cl->typ == 'p' && cl->reader)
83 {
84 if(status == -1)
85 {
86 network_tcp_connection_close(cl->reader, "can't send");
87 }
88 }
89 else if(cl->typ == 'c')
90 {
91 if(status == -1)
92 {
93 cs_disconnect_client(cl);
94 }
95 }
96 }
97
98 if(status != -1)
99 {
100 if(cl->reader && answer_awaited)
101 {
102 cl->reader->last_s = time(NULL);
103 }
104
105 if(cl->reader && !answer_awaited)
106 {
107 cl->reader->last_s = cl->reader->last_g = time(NULL);
108 }
109
110 cl->last = time(NULL);
111 }
112
113 return status;
114 }
115
116 int32_t camd35_send(struct s_client *cl, uint8_t *buf, int32_t buflen)
117 {
118 // send command and set sending time because we await response
119 return __camd35_send(cl, buf, buflen, 1);
120 }
121
122 int32_t camd35_send_without_timeout(struct s_client *cl, uint8_t *buf, int32_t buflen)
123 {
124 // send command and do NOT set sending time because we DON'T await response
125 return __camd35_send(cl, buf, buflen, 0);
126 }
127
128 static int32_t camd35_auth_client(struct s_client *cl, uint8_t *ucrc)
129 {
130 int32_t rc = 1, no_delay = 1;
131 uint32_t crc;
132 struct s_auth *account;
133 uint8_t md5tmp[MD5_DIGEST_LENGTH];
134
135 if(cl->upwd[0])
136 {
137 return memcmp(cl->ucrc, ucrc, 4) ? 1 : 0;
138 }
139
140 cl->crypted = 1;
141
142 crc = ((ucrc[0] << 24) | (ucrc[1] << 16) | (ucrc[2] << 8) | ucrc[3]) & 0xffffffffL;
143
144 for(account = cfg.account; account && (!cl->upwd[0]); account = account->next)
145 {
146 if(crc == crc32(0L, MD5((uint8_t *)account->usr, strlen(account->usr), md5tmp), MD5_DIGEST_LENGTH))
147 {
148 rc = cs_auth_client(cl, account, NULL);
149 if(!rc)
150 {
151 memcpy(cl->ucrc, ucrc, 4);
152 cs_strncpy((char *)cl->upwd, account->pwd, sizeof(cl->upwd));
153 if(!aes_set_key_alloc(&cl->aes_keys, (char *) MD5(cl->upwd, strlen((char *)cl->upwd), md5tmp)))
154 {
155 return 1;
156 }
157
158 #ifdef CS_CACHEEX
159 if(cl->account->cacheex.mode < 2)
160 #endif
161 if(!cl->is_udp && cl->tcp_nodelay == 0)
162 {
163 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
164 cl->tcp_nodelay = 1;
165 }
166
167 return 0;
168 }
169 }
170 }
171
172 return (rc);
173 }
174
175 static int32_t camd35_recv(struct s_client *client, uint8_t *buf, int32_t l)
176 {
177 int32_t rc, s, rs, n = 0, buflen = 0, len = 0;
178
179 for(rc = rs = s = 0; !rc; s++)
180 {
181 switch(s)
182 {
183 case 0:
184 {
185 if(!client->udp_fd)
186 {
187 return -9;
188 }
189
190 if(client->is_udp && client->typ == 'c')
191 {
192 rs = recv_from_udpipe(buf);
193 }
194 else
195 {
196 // read minimum packet size (4 byte ucrc + 32 byte data)
197 // to detect packet size (tcp only)
198
199 //rs = cs_recv(client->udp_fd, buf, client->is_udp ? l : 36, 0);
200
201 if(client->is_udp)
202 {
203 while (1)
204 {
205 rs = cs_recv(client->udp_fd, buf, l, 0);
206 if(rs < 0)
207 {
208 if(errno == EINTR)
209 {
210 continue; // try again in case of interrupt
211 }
212
213 if(errno == EAGAIN)
214 {
215 continue; // EAGAIN needs select procedure again
216 }
217
218 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER, "ERROR: %s (errno=%d %s)",
219 __func__, errno, strerror(errno));
220 break;
221 }
222 else
223 {
224 break;
225 }
226 }
227 }
228 else
229 {
230 int32_t tot = 36, readed = 0;
231 rs = 0;
232
233 do
234 {
235 readed = cs_recv(client->udp_fd, buf + rs, tot, 0);
236 if(readed < 0)
237 {
238 if(errno == EINTR)
239 {
240 continue; // try again in case of interrupt
241 }
242
243 if(errno == EAGAIN)
244 {
245 continue; // EAGAIN needs select procedure again
246 }
247
248 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER, "ERROR: %s (errno=%d %s)",
249 __func__, errno, strerror(errno));
250 break;
251 }
252
253 if(readed == 0) // nothing to read left!
254 {
255 rc = -5;
256 break;
257 }
258
259 if(readed > 0) // received something, add it!
260 {
261 tot -= readed;
262 rs += readed;
263 }
264 }
265 while(tot != 0);
266 }
267 }
268
269 if(rs < 36)
270 {
271 if(rc != -5)
272 {
273 rc = -1;
274 }
275
276 goto out;
277 }
278
279 break;
280 }
281
282 case 1:
283 {
284 switch(camd35_auth_client(client, buf))
285 {
286 case 0:
287 break; // ok
288
289 case 1:
290 rc = -2;
291 break; // unknown user
292
293 default:
294 rc = -9;
295 break; // error's from cs_auth()
296 }
297
298 memmove(buf, buf + 4, rs -= 4);
299 break;
300 }
301
302 case 2:
303 {
304 aes_decrypt(client->aes_keys, buf, rs);
305
306 if(rs != boundary(4, rs))
307 {
308 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER,
309 "WARNING: packet size has wrong decryption boundary");
310 }
311
312 n = (buf[0] == 3) ? 0x34 : 0;
313
314 // Fix for ECM request size > 255 (use ecm length field)
315 if(buf[0] == 0)
316 {
317 buflen = (((buf[21] & 0x0F) << 8) | buf[22]) + 3;
318 }
319 else if(buf[0] == 0x3D || buf[0] == 0x3E || buf[0] == 0x3F) // cacheex-push
320 {
321 buflen = buf[1] | (buf[2] << 8);
322 }
323 else
324 {
325 buflen = buf[1];
326 }
327
328 n = boundary(4, n + 20 + buflen);
329
330 if(!(client->is_udp && client->typ == 'c') && (rs < n) && ((n - 32) > 0))
331 {
332 //len = cs_recv(client->udp_fd, buf+32, n-32, 0); // read the rest of the packet
333
334 int32_t tot = n - 32;
335 int32_t readed = 0;
336 len = 0;
337
338 do
339 {
340 readed = cs_recv(client->udp_fd, buf + 32 + len, tot, 0); // read the rest of the packet
341 if(readed < 0)
342 {
343 if(errno == EINTR)
344 {
345 continue; // try again in case of interrupt
346 }
347
348 if(errno == EAGAIN)
349 {
350 continue; // EAGAIN needs select procedure again
351 }
352
353 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER, "ERROR: %s (errno=%d %s)",
354 __func__, errno, strerror(errno));
355 break;
356 }
357
358 if(readed == 0) // nothing to read left
359 {
360 break;
361 }
362
363 if(readed > 0) // received something, add it
364 {
365 tot -= readed;
366 len += readed;
367 }
368 }
369 while(tot != 0);
370
371
372 if(len > 0)
373 {
374 rs += len;
375 aes_decrypt(client->aes_keys, buf + 32, len);
376 }
377
378 if(len < 0)
379 {
380 rc = -1;
381 goto out;
382 }
383 }
384
385 cs_log_dump_dbg(client->typ == 'c' ? D_CLIENT : D_READER, buf, rs, "received %d bytes from %s",
386 rs, remote_txt());
387
388 if(n < rs)
389 {
390 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER, "ignoring %d bytes of garbage", rs - n);
391 }
392 else if(n > rs)
393 {
394 rc = -3;
395 }
396
397 break;
398 }
399
400 case 3:
401 {
402 if(crc32(0L, buf + 20, buflen) != b2i(4, buf + 4))
403 {
404 rc = -4;
405 }
406
407 if(!rc)
408 {
409 rc = n;
410 }
411
412 break;
413 }
414 }
415 }
416
417 out:
418 if((rs > 0) && ((rc == -1) || (rc == -2)))
419 {
420 cs_log_dump_dbg(client->typ == 'c' ? D_CLIENT : D_READER, buf, rs,
421 "received %d bytes from %s (native)", rs, remote_txt());
422 }
423
424 if(rc >= 0)
425 {
426 client->last = time(NULL); // last client action is now
427 }
428
429 switch(rc)
430 {
431 //case 0:
432 // break;
433
434 case -1:
435 cs_log("packet is too small (received %d bytes, expected %d bytes)", rs, l);
436 break;
437
438 case -2:
439 if(cs_auth_client(client, 0, "unknown user"))
440 {
441 cs_disconnect_client(client);
442 }
443 break;
444
445 case -3:
446 cs_log("incomplete request!");
447 break;
448
449 case -4:
450 cs_log("checksum error (wrong password?)");
451 break;
452
453 case -5:
454 cs_log_dbg(client->typ == 'c' ? D_CLIENT : D_READER, "connection closed");
455 break;
456
457 //default:
458 // cs_log_dbg(D_TRACE, "camd35_recv returns rc=%d", rc);
459 // break;
460 }
461
462 return (rc);
463 }
464
465 /*
466 * server functions
467 */
468
469 static void camd35_request_emm(ECM_REQUEST *er)
470 {
471 int32_t i;
472 time_t now;
473 uint8_t mbuf[1024];
474 struct s_client *cl = cur_client();
475 struct s_reader *aureader = NULL, *rdr = NULL;
476
477 if(er->selected_reader && !er->selected_reader->audisabled
478 && ll_contains(cl->aureader_list, er->selected_reader))
479 {
480 aureader = er->selected_reader;
481 }
482
483 if(!aureader && cl->aureader_list)
484 {
485 LL_ITER itr = ll_iter_create(cl->aureader_list);
486
487 while((rdr = ll_iter_next(&itr)))
488 {
489 if(emm_reader_match(rdr, er->caid, er->prid))
490 {
491 aureader = rdr;
492 break;
493 }
494 }
495 }
496
497 if(!aureader)
498 {
499 return; // TODO
500 }
501
502 uint16_t au_caid = aureader->caid;
503
504 // Bulcrypt has two caids and aureader->caid can't be used.
505 // Use ECM_REQUEST caid for AU.
506 if(!au_caid && caid_is_bulcrypt(er->caid))
507 {
508 au_caid = er->caid;
509 }
510
511 time(&now);
512
513 if(!memcmp(cl->lastserial, aureader->hexserial, 8))
514 {
515 if(llabs(now - cl->last) < 180)
516 {
517 return;
518 }
519 }
520
521 memcpy(cl->lastserial, aureader->hexserial, 8);
522 cl->last = now;
523
524 if(au_caid)
525 {
526 cl->disable_counter = 0;
527
528 cs_log("%s emm-request sent (reader=%s, caid=%04X, auprovid=%06X)", username(cur_client()),
529 aureader->label, au_caid, aureader->auprovid ? aureader->auprovid : b2i(4, aureader->prid[0]));
530 }
531 else if(cl->disable_counter > 2)
532 {
533 return;
534 }
535 else
536 {
537 cl->disable_counter++;
538 }
539
540 memset(mbuf, 0, sizeof(mbuf));
541 mbuf[2] = mbuf[3] = 0xFF; // must not be zero
542 i2b_buf(2, er->srvid, mbuf + 8);
543
544 // override request provid with auprovid if set in CMD05
545 if(aureader->auprovid)
546 {
547 if(aureader->auprovid != er->prid)
548 {
549 i2b_buf(4, aureader->auprovid, mbuf + 12);
550 }
551 else
552 {
553 i2b_buf(4, er->prid, mbuf + 12);
554 }
555 }
556 else
557 {
558 i2b_buf(4, er->prid, mbuf + 12);
559 }
560
561 i2b_buf(2, er->pid, mbuf + 16);
562 mbuf[0] = 5;
563 mbuf[1] = 111;
564
565 if(au_caid)
566 {
567 mbuf[39] = 1; // no. caids
568 mbuf[20] = au_caid >> 8; // caid's (max 8)
569 mbuf[21] = au_caid & 0xFF;
570 memcpy(mbuf + 40, aureader->hexserial, 6); // serial now 6 bytes
571 mbuf[47] = aureader->nprov;
572
573 for(i = 0; i < aureader->nprov; i++)
574 {
575 if(caid_is_betacrypt(au_caid) || caid_is_irdeto(au_caid))
576 {
577 mbuf[48 + (i * 5)] = aureader->prid[i][0];
578 memcpy(&mbuf[50 + (i * 5)], &aureader->prid[i][1], 3);
579 }
580 else
581 {
582 mbuf[48 + (i * 5)] = aureader->prid[i][2];
583 mbuf[49 + (i * 5)] = aureader->prid[i][3];
584 memcpy(&mbuf[50 + (i * 5)], &aureader->sa[i][0], 4); // for conax we need at least 4 bytes
585 }
586 }
587
588 // we think client/server protocols should deliver
589 // all information, and only readers should discard EMM
590 mbuf[128] = (aureader->blockemm & EMM_GLOBAL && !(aureader->saveemm & EMM_GLOBAL)) ? 0 : 1;
591 mbuf[129] = (aureader->blockemm & EMM_SHARED && !(aureader->saveemm & EMM_SHARED)) ? 0 : 1;
592 mbuf[130] = (aureader->blockemm & EMM_UNIQUE && !(aureader->saveemm & EMM_UNIQUE)) ? 0 : 1;
593 mbuf[127] = (aureader->blockemm & EMM_UNKNOWN && !(aureader->saveemm & EMM_UNKNOWN)) ? 0 : 1;
594 }
595 else // disable emm
596 {
597 mbuf[20] = mbuf[39] = mbuf[40] = mbuf[47] = mbuf[49] = 1;
598 }
599
600 memcpy(mbuf + 10, mbuf + 20, 2);
601 camd35_send(cl, mbuf, 0); // send with data-len 111 for camd3 > 3.890
602 mbuf[1]++;
603 camd35_send(cl, mbuf, 0); // send with data-len 112 for camd3 < 3.890
604 }
605
606 static void camd35_send_dcw(struct s_client *client, ECM_REQUEST *er)
607 {
608 uint8_t *buf;
609 buf = er->src_data; // get orig request
610
611 if(!buf)
612 {
613 rdr_log(client->reader, "ERROR: src_data missing");
614 return;
615 }
616
617 if(er->rc == E_INVALID && !client->c35_suppresscmd08) // send normal CMD08
618 {
619 buf[0] = 0x08;
620 buf[1] = 2;
621 memset(buf + 20, 0, buf[1]);
622 buf[22] = er->rc; // put rc in byte 22 - hopefully don't break legacy camd3
623 }
624 else if(er->rc == E_STOPPED) // send sleep CMD08
625 {
626 buf[0] = 0x08;
627 buf[1] = 2;
628 buf[20] = 0;
629 buf[21] = 0xFF;
630
631 cs_log("%s stop request send", client->account->usr);
632 }
633 else
634 {
635 // Send CW
636 if((er->rc < E_NOTFOUND) || (er->rc == E_FAKE))
637 {
638 if(buf[0] == 3)
639 {
640 memmove(buf + 20 + 16, buf + 20 + buf[1], 0x34);
641 }
642
643 buf[0]++; // ecm response (CMD01 or CMD04)
644 buf[1] = 16;
645 camd35_cacheex_init_dcw(client, er);
646 memcpy(buf + 20, er->cw, buf[1]);
647 }
648 else
649 {
650 // Send old CMD44 to prevent cascading
651 // problems with older mpcs/oscam versions
652 buf[0] = 0x44;
653 buf[1] = 0;
654 }
655 }
656
657 camd35_send(client, buf, 0);
658 camd35_request_emm(er);
659 }
660
661 static void camd35_process_ecm(uint8_t *buf, int buflen)
662 {
663 ECM_REQUEST *er;
664
665 if(!buf || buflen < 23)
666 {
667 return;
668 }
669
670 uint16_t ecmlen = SCT_LEN((&buf[20]));
671
672 if(ecmlen > MAX_ECM_SIZE || ecmlen + 20 > buflen || ecmlen < 4)
673 {
674 return;
675 }
676
677 if(!(er = get_ecmtask()))
678 {
679 return;
680 }
681
682 er->ecmlen = ecmlen;
683
684 if(!cs_malloc(&er->src_data, 0x34 + 20 + er->ecmlen))
685 {
686 NULLFREE(er);
687 return;
688 }
689
690 memcpy(er->src_data, buf, 0x34 + 20 + er->ecmlen); // save request
691 er->srvid = b2i(2, buf + 8);
692 er->caid = b2i(2, buf + 10);
693 er->prid = b2i(4, buf + 12);
694 //er->idx = b2i(2, buf + 16); // ecmtask idx (see camd35_recv_chk)
695 memcpy(er->ecm, buf + 20, er->ecmlen);
696
697 get_cw(cur_client(), er);
698 }
699
700 static void camd35_process_emm(uint8_t *buf, int buflen, int emmlen)
701 {
702 EMM_PACKET epg;
703
704 if(!buf || buflen < 20 || emmlen + 20 > buflen)
705 {
706 return;
707 }
708
709 memset(&epg, 0, sizeof(epg));
710
711 epg.emmlen = emmlen;
712 if(epg.emmlen < 3 || epg.emmlen > MAX_EMM_SIZE)
713 {
714 return;
715 }
716
717 memcpy(epg.caid, buf + 10, 2);
718 memcpy(epg.provid, buf + 12 , 4);
719 memcpy(epg.emm, buf + 20, epg.emmlen);
720
721 do_emm(cur_client(), &epg);
722 }
723
724 int32_t camd35_tcp_connect(struct s_client *cl)
725 {
726 if(cl->is_udp) // check for udp client
727 {
728 if(!IP_ISSET(SIN_GET_ADDR(cl->udp_sa))) // check ip is set
729 {
730 if(!(hostResolve(cl->reader))) // no ip -> try to resolve ip of client
731 {
732 network_tcp_connection_close(cl->reader, "no ip");
733 return 0;
734 }
735 }
736 }
737
738 if(!cl->reader->tcp_connected) // client not connected
739 {
740 int32_t handle = 0;
741 handle = network_tcp_connection_open(cl->reader); // try to connect
742 if(handle < 0) // got no handle -> error!
743 {
744 cl->reader->last_s = 0; // set last send to zero
745 cl->reader->last_g = 0; // set last receive to zero
746 cl->last = 0; // set last client action to zero
747
748 return 0;
749 }
750
751 cl->reader->tcp_connected = 1;
752 cl->reader->card_status = CARD_INSERTED;
753 cl->reader->last_s = time(NULL); // reset last send
754 cl->reader->last_g = time(NULL); // reset last receive
755 cl->last = time(NULL); // reset last client action
756 cl->pfd = cl->udp_fd = handle;
757 }
758
759 if(!cl->udp_fd) // Check if client has no handle -> error
760 {
761 return 0;
762 }
763
764 // check if client reached timeout
765 if(cl->reader->tcp_rto && (cl->reader->last_s - cl->reader->last_g > cl->reader->tcp_rto))
766 {
767 if(!cl->is_udp) // tcp on timeout disconnect reader
768 {
769 network_tcp_connection_close(cl->reader, "rto");
770 return 0;
771 }
772 else //udp check to discover ip change on dynamic ip servers
773 {
774 IN_ADDR_T last_ip;
775 IP_ASSIGN(last_ip, cl->ip);
776
777 if(!hostResolve(cl->reader))
778 {
779 network_tcp_connection_close(cl->reader, "no ip");
780 return 0;
781 }
782
783 if(!IP_EQUAL(last_ip, cl->ip))
784 {
785 network_tcp_connection_close(cl->reader, "ip change");
786 return 0;
787 }
788 }
789 }
790
791 return 1; // all ok
792 }
793
794 /*
795 * client functions
796 */
797
798 static void camd35_send_keepalive(struct s_client *cl)
799 {
800 if(cl->reader)
801 {
802 if(camd35_tcp_connect(cl))
803 {
804 if(cacheex_get_rdr_mode(cl->reader) > 1)
805 {
806 camd35_cacheex_push_request_remote_id(cl);
807 return;
808 }
809
810 uint8_t rbuf[32]; // minimal size
811 memset(rbuf, 0, sizeof(rbuf));
812
813 rbuf[0] = 55;
814 rbuf[1] = 1;
815 rbuf[2] = 0;
816
817 camd35_send(cl, rbuf, 1); // send adds +20
818 }
819 }
820 }
821
822 static void camd35_send_keepalive_answer(struct s_client *cl)
823 {
824 if(check_client(cl) && cl->account)
825 {
826 uint8_t rbuf[32]; // minimal size
827 memset(rbuf, 0, sizeof(rbuf));
828
829 rbuf[0] = 55;
830 rbuf[1] = 1;
831 rbuf[2] = 0;
832
833 camd35_send(cl, rbuf, 1); // send adds +20
834 }
835 }
836
837 static int32_t camd35_client_init(struct s_client *cl)
838 {
839 uint8_t md5tmp[MD5_DIGEST_LENGTH];
840 int32_t no_delay = 1;
841
842 cs_strncpy((char *)cl->upwd, cl->reader->r_pwd, sizeof(cl->upwd));
843 i2b_buf(4, crc32(0L, MD5((uint8_t *)cl->reader->r_usr, strlen(cl->reader->r_usr), md5tmp), 16), cl->ucrc);
844
845 if(!aes_set_key_alloc(&cl->aes_keys, (char *)MD5(cl->upwd, strlen((char *)cl->upwd), md5tmp)))
846 {
847 return 1;
848 }
849
850 cl->crypted = 1;
851
852 rdr_log(cl->reader, "proxy %s:%d", cl->reader->device, cl->reader->r_port);
853
854 if(!cl->is_udp && cacheex_get_rdr_mode(cl->reader) < 2)
855 {
856 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
857 }
858
859 if(cl->reader->keepalive)
860 {
861 camd35_send_keepalive(cl);
862 }
863
864 if(cacheex_get_rdr_mode(cl->reader) == 2)
865 {
866 camd35_cacheex_send_push_filter(cl, 2);
867 }
868
869 return 0;
870 }
871
872 static void camd35_idle(void)
873 {
874 struct s_client *cl = cur_client();
875
876 if(!cl->reader)
877 {
878 return;
879 }
880
881 if(cl->reader->keepalive)
882 {
883 camd35_send_keepalive(cl);
884 }
885 else if(cl->reader->tcp_ito > 0) // only check if user added an inactivity timeout
886 {
887 // inactivity timeout check
888 time_t now;
889 int32_t time_diff;
890
891 time(&now);
892 time_diff = llabs(now - cl->reader->last_s);
893
894 if(time_diff > cl->reader->tcp_ito)
895 {
896 if(check_client(cl) && cl->reader->tcp_connected && cl->reader->ph.type == MOD_CONN_TCP)
897 {
898 rdr_log_dbg(cl->reader, D_READER, "inactive_timeout, close connection (fd=%d)", cl->pfd);
899 network_tcp_connection_close(cl->reader, "inactivity");
900 }
901 else
902 {
903 cl->reader->last_s = now;
904 }
905 }
906 }
907 }
908
909 static void *camd35_server(struct s_client *client, uint8_t *mbuf, int32_t n)
910 {
911 if(!client || !mbuf)
912 {
913 return NULL;
914 }
915
916 if(client->reader)
917 {
918 client->reader->last_g = time(NULL); // last receive is now
919
920 if(mbuf[0] == 6 || mbuf[0] == 19) // check for emm command
921 {
922 // fixup: last send is now (if client is only
923 // sending emms, connection would be dropped!)
924 client->reader->last_s = time(NULL);
925 }
926
927 rdr_log(client->reader, "SERVER last = %d, last_s = %d, last_g = %d",
928 (int) client->last, (int) client->reader->last_s, (int) client->reader->last_g);
929 }
930
931 client->last = time(NULL); // last client action is now
932
933 switch(mbuf[0])
934 {
935 case 0: // ECM
936 case 3: // ECM (cascading)
937 camd35_process_ecm(mbuf, n);
938 break;
939
940 case 6: // EMM
941 case 19: // EMM
942 if(n > 2)
943 {
944 camd35_process_emm(mbuf, n, mbuf[1]);
945 }
946 break;
947
948 case 55:
949 camd35_send_keepalive_answer(client); // keepalive msg
950 break;
951
952 default:
953 if(!camd35_cacheex_server(client, mbuf))
954 {
955 cs_log("unknown [cs357x/cs378x] command from %s! (%d) n=%d", username(client), mbuf[0], n);
956 }
957 }
958
959 return NULL;
960 }
961
962 static int32_t camd35_send_ecm(struct s_client *client, ECM_REQUEST *er)
963 {
964 static const char *typtext[] = { "ok", "invalid", "sleeping" };
965
966 if(client->stopped)
967 {
968 if(er->srvid == client->lastsrvid && er->caid == client->lastcaid)
969 {
970 cs_log("%s is stopped - requested by server (%s)", client->reader->label, typtext[client->stopped]);
971 return -1;
972 }
973 else
974 {
975 client->stopped = 0;
976 }
977 }
978
979 client->lastsrvid = er->srvid;
980 client->lastcaid = er->caid;
981 client->lastpid = er->pid;
982
983 if(!camd35_tcp_connect(client))
984 {
985 return -1;
986 }
987
988 client->reader->card_status = CARD_INSERTED; // for udp
989
990 uint8_t *buf;
991 if(!cs_malloc(&buf, 20 + er->ecmlen + 15))
992 {
993 return -1;
994 }
995
996 memset(buf, 0, 20);
997 memset(buf + 20, 0xFF, er->ecmlen + 15);
998
999 buf[1] = er->ecmlen;
1000 i2b_buf(2, er->srvid, buf + 8);
1001 i2b_buf(2, er->caid, buf + 10);
1002 i2b_buf(4, er->prid, buf + 12);
1003 i2b_buf(2, er->idx, buf + 16);
1004 buf[18] = 0xFF;
1005 buf[19] = 0xFF;
1006 memcpy(buf + 20, er->ecm, er->ecmlen);
1007
1008 int32_t rc = (camd35_send(client, buf, 0) < 1) ? -1 : 0;
1009
1010 NULLFREE(buf);
1011 return rc;
1012 }
1013
1014 static int32_t camd35_send_emm(EMM_PACKET *ep)
1015 {
1016 uint8_t *buf;
1017 struct s_client *cl = cur_client();
1018
1019 if(!camd35_tcp_connect(cl))
1020 {
1021 return 0;
1022 }
1023
1024 cl->reader->card_status = CARD_INSERTED; // for udp
1025
1026 if(!cs_malloc(&buf, ep->emmlen + 20 + 15))
1027 {
1028 return -1;
1029 }
1030
1031 memset(buf, 0, 20);
1032 memset(buf + 20, 0xFF, ep->emmlen + 15);
1033
1034 buf[0] = 0x06;
1035 buf[1] = ep->emmlen;
1036 memcpy(buf + 10, ep->caid, 2);
1037 memcpy(buf + 12, ep->provid, 4);
1038 memcpy(buf + 20, ep->emm, ep->emmlen);
1039
1040 int32_t rc = (camd35_send_without_timeout(cl, buf, 0) < 1) ? 0 : 1;
1041
1042 NULLFREE(buf);
1043 return rc;
1044 }
1045
1046 static int32_t camd35_recv_chk(struct s_client *client, uint8_t *dcw, int32_t *rc, uint8_t *buf, int32_t rc2 __attribute__((unused)))
1047 {
1048 uint16_t idx;
1049 static const char *typtext[] = { "ok", "invalid", "sleeping" };
1050 struct s_reader *rdr = client->reader;
1051
1052 rdr->last_g = time(NULL); // last receive is now
1053
1054 // reading CMD05 Emm request and set serial
1055 if(buf[0] == 0x05 && buf[1] == 111)
1056 {
1057 //cs_log("CMD05: %s", cs_hexdump(1, buf, buf[1], tmp, sizeof(tmp)));
1058
1059 rdr->nprov = 0; // reset if number changes on reader change
1060 rdr->nprov = buf[47];
1061 rdr->caid = b2i(2, buf + 20);
1062
1063 int32_t i;
1064 for(i = 0; i < rdr->nprov; i++)
1065 {
1066 if(caid_is_betacrypt(rdr->caid) || caid_is_irdeto(rdr->caid))
1067 {
1068 rdr->prid[i][0] = buf[48 + (i * 5)];
1069 memcpy(&rdr->prid[i][1], &buf[50 + (i * 5)], 3);
1070 }
1071 else
1072 {
1073 rdr->prid[i][2] = buf[48 + (i * 5)];
1074 rdr->prid[i][3] = buf[49 + (i * 5)];
1075 memcpy(&rdr->sa[i][0], &buf[50 + (i * 5)], 4);
1076 }
1077 }
1078
1079 memcpy(rdr->hexserial, buf + 40, 6);
1080 rdr->hexserial[6] = 0;
1081 rdr->hexserial[7] = 0;
1082
1083 if(cfg.getblockemmauprovid)
1084 {
1085 rdr->blockemm = 0;
1086 rdr->blockemm |= (buf[128] == 1) ? 0 : EMM_GLOBAL;
1087 rdr->blockemm |= (buf[129] == 1) ? 0 : EMM_SHARED;
1088 rdr->blockemm |= (buf[130] == 1) ? 0 : EMM_UNIQUE;
1089 rdr->blockemm |= (buf[127] == 1) ? 0 : EMM_UNKNOWN;
1090 rdr->auprovid = b2i(4, buf + 12);
1091 }
1092
1093 cs_log("%s CMD05 AU request for caid: %04X auprovid: %06X",
1094 rdr->label, rdr->caid, rdr->auprovid);
1095 }
1096
1097 bool rc_invalid = 0;
1098
1099 if(buf[0] == 0x08 && ((rdr->ph.type == MOD_CONN_TCP && !cfg.c35_tcp_suppresscmd08)
1100 || (rdr->ph.type == MOD_CONN_UDP && !cfg.c35_udp_suppresscmd08)))
1101 {
1102 if(buf[21] == 0xFF)
1103 {
1104 client->stopped = 2; // server says sleep
1105 rdr->card_status = NO_CARD;
1106 }
1107 else
1108 {
1109 if(config_enabled(WITH_LB) && cfg.lb_mode)
1110 {
1111 rc_invalid = 1;
1112 }
1113 else
1114 {
1115 client->stopped = 1; // server says invalid
1116 rdr->card_status = CARD_FAILURE;
1117 }
1118 }
1119
1120 cs_log("%s CMD08 (%02X - %d) stop request by server (%s)",
1121 rdr->label, buf[21], buf[21], typtext[client->stopped]);
1122 }
1123
1124 if(camd35_cacheex_recv_chk(client, buf))
1125 {
1126 return -1;
1127 }
1128
1129 if(buf[0] == 55) // keepalive answer
1130 {
1131 return -1;
1132 }
1133
1134 // CMD44: old reject command introduced in mpcs
1135 // keeping this for backward compatibility
1136 if((buf[0] != 1) && (buf[0] != 0x44) && (buf[0] != 0x08))
1137 {
1138 return -1;
1139 }
1140
1141 idx = b2i(2, buf + 16);
1142 camd35_cacheex_recv_ce1_cwc_info(client, buf, idx);
1143
1144 *rc = ((buf[0] != 0x44) && (buf[0] != 0x08));
1145
1146 if(rc_invalid)
1147 {
1148 *rc = 2; // INVALID sent by CMD08
1149 }
1150
1151 memcpy(dcw, buf + 20, 16);
1152
1153 return idx;
1154 }
1155
1156 /*
1157 * module definitions
1158 */
1159 #ifdef MODULE_CAMD35
1160 void module_camd35(struct s_module *ph)
1161 {
1162 ph->ptab.nports = 1;
1163 ph->ptab.ports[0].s_port = cfg.c35_port;
1164
1165 ph->desc = "cs357x";
1166 ph->type = MOD_CONN_UDP;
1167 ph->large_ecm_support = 1;
1168 ph->listenertype = LIS_CAMD35UDP;
1169 IP_ASSIGN(ph->s_ip, cfg.c35_srvip);
1170 ph->s_handler = camd35_server;
1171 ph->recv = camd35_recv;
1172 ph->send_dcw = camd35_send_dcw;
1173 ph->c_init = camd35_client_init;
1174 ph->c_recv_chk = camd35_recv_chk;
1175 ph->c_send_ecm = camd35_send_ecm;
1176 ph->c_send_emm = camd35_send_emm;
1177 ph->c_idle = camd35_idle;
1178 camd35_cacheex_module_init(ph);
1179 ph->num = R_CAMD35;
1180 }
1181 #endif
1182
1183 #ifdef MODULE_CAMD35_TCP
1184 void module_camd35_tcp(struct s_module *ph)
1185 {
1186 ph->desc = "cs378x";
1187 ph->type = MOD_CONN_TCP;
1188 ph->large_ecm_support = 1;
1189 ph->listenertype = LIS_CAMD35TCP;
1190 ph->ptab = cfg.c35_tcp_ptab;
1191 IP_ASSIGN(ph->s_ip, cfg.c35_tcp_srvip);
1192 ph->s_handler = camd35_server;
1193 ph->recv = camd35_recv;
1194 ph->send_dcw = camd35_send_dcw;
1195 ph->c_init = camd35_client_init;
1196 ph->c_recv_chk = camd35_recv_chk;
1197 ph->c_send_ecm = camd35_send_ecm;
1198 ph->c_send_emm = camd35_send_emm;
1199 ph->c_idle = camd35_idle;
1200 camd35_cacheex_module_init(ph);
1201 ph->num = R_CS378X;
1202 }
1203 #endif
1204
1205 #endif
Open Source Conditional Access Modul