search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[gbx] - more generalized routing info in cw msg
[oscam.git] / oscam-chk.c
blob21e81d85a23e1c8ba48e997926006dbb3df8d0eb
1 #define MODULE_LOG_PREFIX "chk"
2
3 #include "globals.h"
4 #include "oscam-cache.h"
5 #include "oscam-chk.h"
6 #include "oscam-ecm.h"
7 #include "oscam-client.h"
8 #include "oscam-lock.h"
9 #include "oscam-net.h"
10 #include "oscam-string.h"
11 #include "module-stat.h"
12 #include "oscam-reader.h"
13
14 #define CS_NANO_CLASS 0xE2
15 #define OK 1
16 #define ERROR 0
17
18 uint32_t get_fallbacktimeout(uint16_t caid)
19 {
20 uint32_t ftimeout = caidvaluetab_get_value(&cfg.ftimeouttab, caid, 0);
21
22 if(ftimeout == 0) { ftimeout = cfg.ftimeout; }
23
24 if(ftimeout < 100) { ftimeout = CS_CLIENT_TIMEOUT / 2; }
25 if(ftimeout >= cfg.ctimeout) { ftimeout = cfg.ctimeout - 100; }
26
27 return ftimeout;
28 }
29
30 static int32_t find_nano(uint8_t *ecm, int32_t l, uint8_t nano, int32_t s)
31 {
32 uint8_t *snano;
33
34 if(s >= l) { return 0; }
35 if(!s) { s = (ecm[4] == 0xD2) ? 12 : 9; } // tpsflag -> offset+3
36 snano = ecm + s;
37
38 while((*snano != nano) && (s < l))
39 {
40 if(*snano == 0xEA) { return 0; }
41 snano++;
42 s++;
43 }
44
45 return (s < l) ? ++s : 0;
46 }
47
48 static int32_t chk_class(ECM_REQUEST *er, CLASSTAB *clstab, const char *type, const char *name)
49 {
50 int32_t i, j, an, cl_n, l;
51 uint8_t ecm_class;
52
53 if(er->caid != 0x0500 && er->caid != 0x4AE1) { return 1; }
54 if(!clstab->bn && !clstab->an) { return 1; }
55
56 j = an = cl_n = l = 0;
57
58 if(er->caid == 0x0500)
59 {
60 while((j = find_nano(er->ecm, er->ecmlen, CS_NANO_CLASS, j)) > 0)
61 {
62 l = er->ecm[j];
63 if(l + j > er->ecmlen) { continue; } // skip, this is not a valid class identifier!
64
65 ecm_class = er->ecm[j + l];
66 cs_log_dbg(D_CLIENT, "ecm class=%02X", ecm_class);
67
68 for(i = 0; i < clstab->bn; i++) // search in blocked
69 {
70 if(ecm_class == clstab->bclass[i])
71 {
72 cs_log_dbg(D_CLIENT, "class %02X rejected by %s '%s' !%02X filter",
73 ecm_class, type, name, ecm_class);
74 return 0;
75 }
76 }
77 cl_n++;
78
79 for(i = 0; i < clstab->an; i++) // search in allowed
80 {
81 if(ecm_class == clstab->aclass[i])
82 {
83 an++;
84 break;
85 }
86 }
87 j += l;
88 }
89 }
90 else
91 {
92 if(er->prid != 0x11 || er->ecm[0] == 0) { return 1; }
93
94 cl_n++;
95 ecm_class = er->ecm[5];
96 cs_log_dbg(D_CLIENT, "ecm class=%02X", ecm_class);
97
98 for(i = 0; i < clstab->bn; i++) // search in blocked
99 {
100 if(ecm_class == clstab->bclass[i])
101 {
102 cs_log_dbg(D_CLIENT, "class %02X rejected by %s '%s' !%02X filter",
103 ecm_class, type, name, ecm_class);
104 return 0;
105 }
106 }
107
108 for(i = 0; i < clstab->an; i++) // search in allowed
109 {
110 if(ecm_class == clstab->aclass[i])
111 {
112 an++;
113 break;
114 }
115 }
116 }
117
118 if(cl_n && clstab->an)
119 {
120 if(an)
121 { cs_log_dbg(D_CLIENT, "ECM classes allowed by %s '%s' filter", type, name); }
122 else
123 {
124 cs_log_dbg(D_CLIENT, "ECM classes don't match %s '%s' filter, rejecting", type, name);
125 return 0;
126 }
127 }
128
129 return 1;
130 }
131
132 int32_t chk_srvid_match(ECM_REQUEST *er, SIDTAB *sidtab)
133 {
134 int32_t i, rc = 0;
135
136 if(!sidtab->num_caid)
137 { rc |= 1; }
138 else
139 for(i = 0; (i < sidtab->num_caid) && (!(rc & 1)); i++)
140 if(er->caid == sidtab->caid[i]) { rc |= 1; }
141
142 if(!er->prid || !sidtab->num_provid)
143 { rc |= 2; }
144 else
145 for(i = 0; (i < sidtab->num_provid) && (!(rc & 2)); i++)
146 if(er->prid == sidtab->provid[i]) { rc |= 2; }
147
148 if(!sidtab->num_srvid)
149 { rc |= 4; }
150 else
151 for(i = 0; (i < sidtab->num_srvid) && (!(rc & 4)); i++)
152 if(er->srvid == sidtab->srvid[i]) { rc |= 4; }
153
154 return (rc == 7);
155 }
156
157 int32_t chk_srvid(struct s_client *cl, ECM_REQUEST *er)
158 {
159 int32_t nr, rc = 0;
160 SIDTAB *sidtab;
161
162 if(!cl->sidtabs.ok)
163 {
164 if(!cl->sidtabs.no) { return (1); }
165 rc = 1;
166 }
167
168 for(nr = 0, sidtab = cfg.sidtab; sidtab; sidtab = sidtab->next, nr++)
169 {
170 if(sidtab->num_caid | sidtab->num_provid | sidtab->num_srvid)
171 {
172 if((cl->sidtabs.no & ((SIDTABBITS)1 << nr)) && (chk_srvid_match(er, sidtab)))
173 { return (0); }
174
175 if((cl->sidtabs.ok & ((SIDTABBITS)1 << nr)) && (chk_srvid_match(er, sidtab)))
176 { rc = 1; }
177 }
178 }
179 return (rc);
180 }
181
182 int32_t has_srvid(struct s_client *cl, ECM_REQUEST *er)
183 {
184 if(!cl->sidtabs.ok)
185 { return 0; }
186
187 int32_t nr;
188 SIDTAB *sidtab;
189
190 for(nr = 0, sidtab = cfg.sidtab; sidtab; sidtab = sidtab->next, nr++)
191 {
192 if(sidtab->num_srvid)
193 {
194 if((cl->sidtabs.ok & ((SIDTABBITS)1 << nr)) && (chk_srvid_match(er, sidtab)))
195 { return 1; }
196 }
197 }
198 return 0;
199 }
200
201 int32_t has_lb_srvid(struct s_client *cl, ECM_REQUEST *er)
202 {
203 if(!cl->lb_sidtabs.ok)
204 { return 0; }
205
206 int32_t nr;
207 SIDTAB *sidtab;
208
209 for(nr = 0, sidtab = cfg.sidtab; sidtab; sidtab = sidtab->next, nr++)
210 {
211 if((cl->lb_sidtabs.ok & ((SIDTABBITS)1 << nr)) && (chk_srvid_match(er, sidtab)))
212 { return 1; }
213 }
214 return 0;
215 }
216
217 int32_t chk_srvid_match_by_caid_prov(uint16_t caid, uint32_t provid, SIDTAB *sidtab)
218 {
219 int32_t i, rc = 0;
220
221 if(!sidtab->num_caid)
222 { rc |= 1; }
223 else
224 for(i = 0; (i < sidtab->num_caid) && (!(rc & 1)); i++)
225 if(caid == sidtab->caid[i]) { rc |= 1; }
226
227 if(!sidtab->num_provid)
228 { rc |= 2; }
229 else
230 for(i = 0; (i < sidtab->num_provid) && (!(rc & 2)); i++)
231 if(provid == sidtab->provid[i]) { rc |= 2; }
232
233 return (rc == 3);
234 }
235
236 int32_t chk_srvid_by_caid_prov(struct s_client *cl, uint16_t caid, uint32_t provid)
237 {
238 int32_t nr, rc = 0;
239 SIDTAB *sidtab;
240
241 if(!cl->sidtabs.ok)
242 {
243 if(!cl->sidtabs.no) { return (1); }
244 rc = 1;
245 }
246
247 for(nr = 0, sidtab = cfg.sidtab; sidtab; sidtab = sidtab->next, nr++)
248 {
249 if(sidtab->num_caid | sidtab->num_provid)
250 {
251 if((cl->sidtabs.no & ((SIDTABBITS)1 << nr)) && !sidtab->num_srvid &&
252 (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
253 { return (0); }
254
255 if((cl->sidtabs.ok & ((SIDTABBITS)1 << nr)) &&
256 (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
257 { rc = 1; }
258 }
259 }
260 return (rc);
261 }
262
263 int32_t chk_srvid_by_caid_prov_rdr(struct s_reader *rdr, uint16_t caid, uint32_t provid)
264 {
265 int32_t nr, rc = 0;
266 SIDTAB *sidtab;
267
268 if(!rdr->sidtabs.ok)
269 {
270 if(!rdr->sidtabs.no) { return (1); }
271 rc = 1;
272 }
273
274 for(nr = 0, sidtab = cfg.sidtab; sidtab; sidtab = sidtab->next, nr++)
275 {
276 if(sidtab->num_caid | sidtab->num_provid)
277 {
278 if((rdr->sidtabs.no & ((SIDTABBITS)1 << nr)) && !sidtab->num_srvid &&
279 (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
280 { return (0); }
281
282 if((rdr->sidtabs.ok & ((SIDTABBITS)1 << nr)) &&
283 (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
284 { rc = 1; }
285 }
286 }
287 return (rc);
288 }
289
290 int32_t chk_is_betatunnel_caid(uint16_t caid)
291 {
292 if(caid == 0x1702 || caid == 0x1722) { return 1; }
293 if(caid == 0x1801 || caid == 0x1833 || caid == 0x1834 || caid == 0x1835) { return 2; }
294 return 0;
295 }
296
297 uint16_t chk_on_btun(uint8_t chk_sx, struct s_client *cl, ECM_REQUEST *er)
298 {
299 if(chk_is_betatunnel_caid(er->caid))
300 {
301 int32_t i;
302 TUNTAB *ttab;
303 ttab = &cl->ttab;
304
305 if(ttab->ttdata)
306 {
307 for(i = 0; i < ttab->ttnum; i++)
308 {
309 if(er->caid == ttab->ttdata[i].bt_caidfrom)
310 {
311 if(er->srvid == ttab->ttdata[i].bt_srvid) { return ttab->ttdata[i].bt_caidto; }
312 if(chk_sx && ttab->ttdata[i].bt_srvid == 0xFFFF) { return ttab->ttdata[i].bt_caidto; }
313 if(!chk_sx && !ttab->ttdata[i].bt_srvid) { return ttab->ttdata[i].bt_caidto; }
314 }
315 }
316 }
317
318 if(chk_sx)
319 return lb_get_betatunnel_caid_to(er);
320 }
321 return 0;
322 }
323
324 // server filter for newcamd
325 int32_t chk_sfilter(ECM_REQUEST *er, PTAB *ptab)
326 {
327 #ifdef MODULE_NEWCAMD
328 int32_t i, j, pi, rc = 1;
329 uint16_t caid, scaid;
330 uint32_t prid, sprid;
331
332 if(!ptab) { return (1); }
333 struct s_client *cur_cl = cur_client();
334
335 caid = er->caid;
336 prid = er->prid;
337 pi = cur_cl->port_idx;
338
339 if(cfg.ncd_mgclient)
340 { return 1; }
341
342 if(ptab->nports && ptab->ports[pi].ncd && ptab->ports[pi].ncd->ncd_ftab.nfilts)
343 {
344 for(rc = j = 0; (!rc) && (j < ptab->ports[pi].ncd->ncd_ftab.nfilts); j++)
345 {
346 scaid = ptab->ports[pi].ncd->ncd_ftab.filts[j].caid;
347 if(caid == 0 || (caid != 0 && caid == scaid))
348 {
349 for(i = 0; (!rc) && i < ptab->ports[pi].ncd->ncd_ftab.filts[j].nprids; i++)
350 {
351 sprid = ptab->ports[pi].ncd->ncd_ftab.filts[j].prids[i];
352 cs_log_dbg(D_CLIENT, "trying server filter %04X@%06X", scaid, sprid);
353 if(prid == sprid)
354 {
355 rc = 1;
356 cs_log_dbg(D_CLIENT, "%04X@%06X allowed by server filter %04X@%06X",
357 caid, prid, scaid, sprid);
358 }
359 }
360 }
361 }
362
363 if(!rc)
364 {
365 cs_log_dbg(D_CLIENT, "no match, %04X@%06X rejected by server filters", caid, prid);
366 snprintf(er->msglog, MSGLOGSIZE, "no server match %04X@%06X", caid, (uint32_t) prid);
367
368 if(!er->rcEx) { er->rcEx = (E1_LSERVER << 4) | E2_IDENT; }
369 return (rc);
370 }
371 }
372 return (rc);
373 #else
374 (void)er;
375 (void)ptab;
376 return 1;
377 #endif
378 }
379
380 static int32_t chk_chid(ECM_REQUEST *er, FTAB *fchid, char *type, char *name)
381 {
382 int32_t rc = 1, i, j, found_caid = 0;
383 if(!fchid->nfilts) { return 1; }
384 if(er->chid == 0 && er->ecm[0] == 0) { return 1; } // skip empty ecm, chid 00 to avoid no matching readers in dvbapi
385
386 for(i = rc = 0; (!rc) && i < fchid->nfilts; i++)
387 {
388 if(er->caid == fchid->filts[i].caid)
389 {
390 found_caid = 1;
391 for(j = 0; (!rc) && j < fchid->filts[i].nprids; j++)
392 {
393 cs_log_dbg(D_CLIENT, "trying %s '%s' CHID filter %04X:%04X",
394 type, name, fchid->filts[i].caid, fchid->filts[i].prids[j]);
395
396 if(er->chid == fchid->filts[i].prids[j])
397 {
398 cs_log_dbg(D_CLIENT, "%04X:%04X allowed by %s '%s' CHID filter %04X:%04X",
399 er->caid, er->chid, type, name, fchid->filts[i].caid, fchid->filts[i].prids[j]);
400 rc = 1;
401 }
402 }
403 }
404 }
405
406 if(!rc)
407 {
408 if(found_caid)
409 cs_log_dbg(D_CLIENT, "no match, %04X:%04X rejected by %s '%s' CHID filter(s)",
410 er->caid, er->chid, type, name);
411 else
412 {
413 rc = 1;
414 cs_log_dbg(D_CLIENT, "%04X:%04X allowed by %s '%s' CHID filter, CAID not spezified",
415 er->caid, er->chid, type, name);
416 }
417 }
418 return (rc);
419 }
420
421 int32_t chk_ident_filter(uint16_t rcaid, uint32_t rprid, FTAB *ftab)
422 {
423 int32_t i, j, rc = 1;
424 uint16_t caid = 0;
425 uint32_t prid = 0;
426
427 if(ftab->nfilts)
428 {
429 for(rc = i = 0; (!rc) && (i < ftab->nfilts); i++)
430 {
431 caid = ftab->filts[i].caid;
432 if((caid != 0 && caid == rcaid) || caid == 0)
433 {
434 for(j = 0; (!rc) && (j < ftab->filts[i].nprids); j++)
435 {
436 prid = ftab->filts[i].prids[j];
437 if(prid == rprid)
438 {
439 rc=1;
440 }
441 }
442 }
443 }
444
445 if(!rc)
446 { return 0; }
447 }
448
449 return(rc);
450 }
451
452 int32_t chk_ufilters(ECM_REQUEST *er)
453 {
454 int32_t i, j, rc;
455 uint16_t ucaid;
456 uint32_t uprid;
457 struct s_client *cur_cl = cur_client();
458
459 rc = 1;
460 if(cur_cl->ftab.nfilts)
461 {
462 FTAB *f = &cur_cl->ftab;
463 for(i = rc = 0; (!rc) && (i < f->nfilts); i++)
464 {
465 ucaid = f->filts[i].caid;
466 if(er->caid == 0 || ucaid == 0 || (er->caid != 0 && er->caid == ucaid))
467 {
468 if (er->prid == 0)
469 {
470 cs_log_dbg(D_CLIENT, "%04X@%06X allowed by user '%s' filter caid %04X prid %06X",
471 er->caid, er->prid, cur_cl->account->usr, ucaid, 0);
472 rc = 1;
473 break;
474 }
475
476 for(j = rc = 0; (!rc) && (j < f->filts[i].nprids); j++)
477 {
478 uprid = f->filts[i].prids[j];
479 cs_log_dbg(D_CLIENT, "trying user '%s' filter %04X@%06X", cur_cl->account->usr, ucaid, uprid);
480
481 if(er->prid == uprid)
482 {
483 rc = 1;
484 cs_log_dbg(D_CLIENT, "%04X@%06X allowed by user '%s' filter %04X@%06X",
485 er->caid, er->prid, cur_cl->account->usr, ucaid, uprid);
486 }
487 }
488 }
489 }
490
491 if(!rc)
492 {
493 cs_log_dbg(D_CLIENT, "no match, %04X@%06X rejected by user '%s' filters",
494 er->caid, er->prid, cur_cl->account->usr);
495
496 snprintf(er->msglog, MSGLOGSIZE, "no card support %04X@%06X", er->caid, (uint32_t) er->prid);
497
498 if(!er->rcEx) { er->rcEx = (E1_USER << 4) | E2_IDENT; }
499 return (rc);
500 }
501 }
502
503 if(!(rc = chk_class(er, &cur_cl->cltab, "user", cur_cl->account->usr)))
504 {
505 if(!er->rcEx) { er->rcEx = (E1_USER << 4) | E2_CLASS; }
506 }
507 else if(!(rc = chk_chid(er, &cur_cl->fchid, "user", cur_cl->account->usr)))
508 {
509 if(!er->rcEx) { er->rcEx = (E1_USER << 4) | E2_CHID; }
510 }
511
512 if(rc) { er->rcEx = 0; }
513
514 return (rc);
515 }
516
517 int32_t chk_rsfilter(struct s_reader *reader, ECM_REQUEST *er)
518 {
519 int32_t i, rc = 1;
520 uint16_t caid;
521 uint32_t prid;
522
523 if(reader->ncd_disable_server_filt)
524 {
525 cs_log_dbg(D_CLIENT, "%04X@%06X allowed - server filters disabled", er->caid, er->prid);
526 return 1;
527 }
528
529 rc = prid = 0;
530 caid = reader->caid;
531 if(caid == er->caid)
532 {
533 for(i = 0; (!rc) && (i < reader->nprov); i++)
534 {
535 prid = (uint32_t)((reader->prid[i][1] << 16) | (reader->prid[i][2] << 8) | (reader->prid[i][3]));
536 cs_log_dbg(D_CLIENT, "trying server '%s' filter %04X@%06X", reader->device, caid, prid);
537
538 if(prid == er->prid || !er->prid)
539 {
540 rc = 1;
541 cs_log_dbg(D_CLIENT, "%04X@%06X allowed by server '%s' filter %04X@%06X",
542 er->caid, er->prid, reader->device, caid, prid);
543 }
544 }
545 }
546
547 if(!rc)
548 {
549 cs_log_dbg(D_CLIENT, "no match, %04X@%06X rejected by server '%s' filters",
550 er->caid, er->prid, reader->device);
551
552 if(!er->rcEx) { er->rcEx = (E1_SERVER << 4) | E2_IDENT; }
553 return 0;
554 }
555
556 return (rc);
557 }
558
559 int32_t chk_rfilter2(uint16_t rcaid, uint32_t rprid, struct s_reader *rdr)
560 {
561 int32_t i, j, rc = 1;
562 uint16_t caid = 0;
563 uint32_t prid = 0;
564
565 if(rdr->ftab.nfilts)
566 {
567 for(rc = i = 0; (!rc) && (i < rdr->ftab.nfilts); i++)
568 {
569 caid = rdr->ftab.filts[i].caid;
570 if((caid != 0 && caid == rcaid) || caid == 0)
571 {
572 for(j = 0; (!rc) && (j < rdr->ftab.filts[i].nprids); j++)
573 {
574 prid = rdr->ftab.filts[i].prids[j];
575 cs_log_dbg(D_CLIENT, "trying reader '%s' filter %04X@%06X", rdr->label, caid, prid);
576
577 if(prid == rprid)
578 {
579 rc = 1;
580 cs_log_dbg(D_CLIENT, "%04X@%06X allowed by reader '%s' filter %04X@%06X",
581 rcaid, rprid, rdr->label, caid, prid);
582 }
583 }
584 }
585 }
586
587 if(!rc)
588 {
589 cs_log_dbg(D_CLIENT, "no match, %04X@%06X rejected by reader '%s' filters",
590 rcaid, rprid, rdr->label);
591 return 0;
592 }
593 }
594
595 return (rc);
596 }
597
598 static int32_t chk_rfilter(ECM_REQUEST *er, struct s_reader *rdr)
599 {
600 return chk_rfilter2(er->caid, er->prid, rdr);
601 }
602
603 int32_t chk_ctab(uint16_t caid, CAIDTAB *ctab)
604 {
605 if(!caid || !ctab->ctnum)
606 { return 1; }
607
608 int32_t i;
609 for(i = 0; i < ctab->ctnum; i++)
610 {
611 CAIDTAB_DATA *d = &ctab->ctdata[i];
612 if(!d->caid)
613 {
614 return 0;
615 }
616 if((caid & d->mask) == d->caid)
617 { return 1; }
618 }
619 return 0;
620 }
621
622 int32_t chk_ctab_ex(uint16_t caid, CAIDTAB *ctab)
623 {
624 if(!caid || !ctab->ctnum)
625 { return 0; }
626
627 int32_t i;
628 for(i = 0; i < ctab->ctnum; i++)
629 {
630 CAIDTAB_DATA *d = &ctab->ctdata[i];
631 if(!d->caid)
632 {
633 return 0;
634 }
635
636 if((caid & d->mask) == d->caid)
637 {
638 return 1;
639 }
640 }
641 return 0;
642 }
643
644 uint8_t is_localreader(struct s_reader *rdr, ECM_REQUEST *er) // to be used for LB/reader selections checks only
645 {
646 if(!rdr) return 0;
647
648 if(!is_network_reader(rdr))
649 {
650 return 1;
651 }
652
653 if(!rdr->localcards.nfilts) { return 0; }
654
655 int32_t i, k;
656 for(i = 0; i < rdr->localcards.nfilts; i++)
657 {
658 uint16_t tcaid = rdr->localcards.filts[i].caid;
659 if(tcaid && tcaid == er->caid) // caid match
660 {
661 int32_t nprids = rdr->localcards.filts[i].nprids;
662 if(!nprids) // No Provider -> Ok
663 { return 1; }
664
665 for(k = 0; k < nprids; k++)
666 {
667 uint32_t prid = rdr->localcards.filts[i].prids[k];
668 if(prid == er->prid) // Provider matches
669 {
670 return 1;
671 }
672 }
673 }
674 }
675
676 return 0;
677 }
678
679 uint8_t chk_is_fixed_fallback(struct s_reader *rdr, ECM_REQUEST *er)
680 {
681 if(!rdr->fallback && !rdr->fallback_percaid.nfilts) { return 0; }
682
683 if(!rdr->fallback_percaid.nfilts)
684 {
685 if(rdr->fallback)
686 { return 1; }
687 }
688
689 int32_t i, k;
690 for(i = 0; i < rdr->fallback_percaid.nfilts; i++)
691 {
692 uint16_t tcaid = rdr->fallback_percaid.filts[i].caid;
693 if(tcaid && (tcaid == er->caid || (tcaid < 0x0100 && (er->caid >> 8) == tcaid))) // caid match
694 {
695 int32_t nprids = rdr->fallback_percaid.filts[i].nprids;
696 if(!nprids) // No Provider ->Ok
697 { return 1; }
698
699 for(k = 0; k < nprids; k++)
700 {
701 uint32_t prid = rdr->fallback_percaid.filts[i].prids[k];
702 if(prid == er->prid) // Provider matches
703 {
704 return 1;
705 }
706 }
707 }
708 }
709
710 return 0;
711 }
712
713 uint8_t chk_has_fixed_fallback(ECM_REQUEST *er)
714 {
715 struct s_ecm_answer *ea;
716 struct s_reader *rdr;
717 int32_t n_falb = 0;
718 for(ea = er->matching_rdr; ea; ea = ea->next)
719 {
720 rdr = ea->reader;
721 if(chk_is_fixed_fallback(rdr, er))
722 { n_falb++; }
723 }
724 return n_falb;
725 }
726
727 uint8_t chk_if_ignore_checksum(ECM_REQUEST *er, FTAB *disablecrc_only_for)
728 {
729 if(!disablecrc_only_for->nfilts) { return 0; }
730
731 int32_t i, k;
732 for(i = 0; i < disablecrc_only_for->nfilts; i++)
733 {
734 uint16_t tcaid = disablecrc_only_for->filts[i].caid;
735 if(tcaid && (tcaid == er->caid || (tcaid < 0x0100 && (er->caid >> 8) == tcaid))) // caid match
736 {
737 int32_t nprids = disablecrc_only_for->filts[i].nprids;
738 if(!nprids) // No Provider ->Ok
739 { return 1; }
740
741 for(k = 0; k < nprids; k++)
742 {
743 uint32_t prid =disablecrc_only_for->filts[i].prids[k];
744 if(prid == er->prid) // Provider matches
745 { return 1; }
746 }
747 }
748 }
749
750 return 0;
751 }
752
753 int32_t matching_reader(ECM_REQUEST *er, struct s_reader *rdr)
754 {
755 // simple checks first:
756 if(!er || !rdr)
757 { return (0); }
758
759 // reader active?
760 struct s_client *cl = rdr->client;
761 if(!cl || !rdr->enable)
762 { return (0); }
763
764 // if physical reader a card needs to be inserted
765 if(!is_network_reader(rdr) && rdr->card_status != CARD_INSERTED)
766 { return (0); }
767
768 // Checking connected & group valid:
769 struct s_client *cur_cl = er->client; //cur_client();
770
771 #ifdef CS_CACHEEX
772 // Cacheex=3 defines a Cacheex-only reader. never match them.
773 if(rdr->cacheex.mode == 3)
774 { return (0); }
775 if(rdr->cacheex.mode == 2 && !rdr->cacheex.allow_request)
776 { return (0); }
777 #endif
778
779 if(!(rdr->grp & cur_cl->grp))
780 { return (0); }
781
782 // Checking caids:
783 if((!er->ocaid || !chk_ctab(er->ocaid, &rdr->ctab)) && !chk_ctab(er->caid, &rdr->ctab))
784 {
785 cs_log_dbg(D_TRACE, "caid %04X not found in caidlist reader %s", er->caid, rdr->label);
786 return 0;
787 }
788
789 if(!(rdr->typ == R_EMU) && !is_network_reader(rdr) && ((rdr->caid >> 8) != ((er->caid >> 8) & 0xFF) && (rdr->caid >> 8) != ((er->ocaid >> 8) & 0xFF)))
790 {
791 if (!rdr->csystem)
792 { return 0; }
793
794 int i, caid_found = 0;
795 for(i = 0; rdr->csystem->caids[i]; i++)
796 {
797 uint16_t cs_caid = rdr->csystem->caids[i];
798 if(!cs_caid)
799 { continue; }
800
801 if(cs_caid == er->caid || cs_caid == er->ocaid)
802 {
803 caid_found = 1;
804 break;
805 }
806 }
807
808 if(!caid_found)
809 { return 0; }
810 }
811
812 // Supports long ecms?
813 if(er->ecmlen > 255 && is_network_reader(rdr) && !rdr->ph.large_ecm_support)
814 {
815 cs_log_dbg(D_TRACE, "no large ecm support (l=%d) for reader %s", er->ecmlen, rdr->label);
816 return 0;
817 }
818
819 // Checking services:
820 if(!chk_srvid(rdr->client, er))
821 {
822 cs_log_dbg(D_TRACE, "service %04X not matching reader %s", er->srvid, rdr->label);
823 return (0);
824 }
825
826 // Checking ident:
827 if(!(rdr->typ == R_EMU && caid_is_biss(er->caid)) && !chk_rfilter(er, rdr))
828 {
829 cs_log_dbg(D_TRACE, "r-filter reader %s", rdr->label);
830 return (0);
831 }
832
833 // Check ECM nanos:
834 if(!chk_class(er, &rdr->cltab, "reader", rdr->label))
835 {
836 cs_log_dbg(D_TRACE, "class filter reader %s", rdr->label);
837 return (0);
838 }
839
840 // CDS NL: check for right seca type
841 if(!is_network_reader(rdr) && er->caid == 0x100 && er->prid == 0x00006a
842 && !(er->ecm[8] == 0x00 && er->ecm[9] == 0x00)) // no empty ecm
843 {
844 if(er->ecm[8] == 0x00 && rdr->secatype == 2)
845 {
846 cs_log_dbg(D_TRACE, "Error: this is a nagra/mediaguard3 ECM and readertype is seca2!");
847 return 0; // we dont send a nagra/mediaguard3 ecm to a seca2 reader!
848 }
849
850 if((er->ecm[8] == 0x10) && (er->ecm[9] == 0x01) && rdr->secatype == 3)
851 {
852 cs_log_dbg(D_TRACE, "Error: this is a seca2 ECM and readertype is nagra/mediaguard3!");
853 return 0; // we dont send a seca2 ecm to a nagra/mediaguard3 reader!
854 }
855 }
856
857 // CDS NL: check for right seca type by ECMPID
858 if(!is_network_reader(rdr) && er->caid == 0x100 && er->prid == 0x00006a)
859 {
860 if(rdr->secatype == 2 && er->pid >> 8 == 7)
861 {
862 cs_log_dbg(D_TRACE, "Error: this is a nagra/mediaguard3 ECM and readertype is seca2!");
863 return 0; // we dont send a nagra/mediaguard3 ecm to a seca2 reader!
864 }
865
866 if(rdr->secatype == 3 && er->pid >> 8 == 6)
867 {
868 cs_log_dbg(D_TRACE, "Error: this is a seca2 ECM and readertype is nagra/mediaguard3!");
869 return 0; // we dont send a seca2 ecm to a nagra/mediaguard3 reader!
870 }
871 }
872
873 // Checking chid:
874 if(!chk_chid(er, &rdr->fchid, "reader", rdr->label))
875 {
876 cs_log_dbg(D_TRACE, "chid filter reader %s", rdr->label);
877 return (0);
878 }
879
880 // Schlocke reader-defined function, reader-self-check
881 if(rdr->ph.c_available && !rdr->ph.c_available(rdr, AVAIL_CHECK_CONNECTED, er))
882 {
883 cs_log_dbg(D_TRACE, "reader unavailable %s", rdr->label);
884 return 0;
885 }
886
887 // Checking entitlements:
888 if(ll_count(rdr->ll_entitlements) > 0 && !(rdr->typ == R_EMU))
889 {
890 LL_ITER itr = ll_iter_create(rdr->ll_entitlements);
891 S_ENTITLEMENT *item;
892 int8_t found = 0;
893
894 while((item = ll_iter_next(&itr)))
895 {
896 if(item->caid != er->caid) continue; // skip wrong caid!
897 if(item->type == 7) continue; // skip seca-admin type (provid 000000) since its not used for decoding!
898 if(er->prid && item->provid && er->prid != item->provid) continue; // skip non matching provid!
899 if(!er->prid && caid_is_seca(er->caid)) continue; // dont accept requests without provid for seca cas.
900 if(!er->prid && caid_is_viaccess(er->caid)) continue; // dont accept requests without provid for viaccess cas
901 if(!er->prid && caid_is_cryptoworks(er->caid)) continue; // dont accept requests without provid for cryptoworks cas
902 found =1;
903 break;
904 }
905
906 if(!found && er->ecm[0]) // ecmrequest can get corrected provid parsed from payload in ecm
907 {
908 cs_log_dbg(D_TRACE, "entitlements check failed on reader %s", rdr->label);
909 return 0;
910 }
911 }
912
913 // Checking ecmlength:
914 if(rdr->ecm_whitelist.ewnum && er->ecmlen)
915 {
916 int32_t i;
917 int8_t ok = 0, foundident = 0;
918
919 for (i = 0; i < rdr->ecm_whitelist.ewnum; i++)
920 {
921 ECM_WHITELIST_DATA *d = &rdr->ecm_whitelist.ewdata[i];
922 if ((d->caid == 0 || d->caid == er->caid) && (d->ident == 0 || d->ident == er->prid))
923 {
924 foundident = 1;
925 if (d->len == er->ecmlen)
926 {
927 ok = 1;
928 break;
929 }
930 }
931 }
932
933 if(foundident == 1 && ok == 0)
934 {
935 cs_log_dbg(D_TRACE, "ECM is not in ecmwhitelist of reader %s.", rdr->label);
936 rdr->ecmsfilteredlen += 1;
937 rdr->webif_ecmsfilteredlen += 1;
938 return (0);
939 }
940 }
941
942 // ECM Header Check
943 if(rdr->ecm_hdr_whitelist.ehdata && er->ecmlen)
944 {
945 int8_t byteok = 0;
946 int8_t entryok = 0;
947 int8_t foundcaid = 0;
948 int8_t foundprovid = 0;
949 int16_t len = 0;
950 int32_t i = 0;
951 int8_t skip = 0;
952 int32_t r;
953
954 for(r = 0; r < rdr->ecm_hdr_whitelist.ehnum; r++)
955 {
956 ECM_HDR_WHITELIST_DATA *tmp = &rdr->ecm_hdr_whitelist.ehdata[r];
957 skip = 0;
958 byteok = 0;
959 entryok = 0;
960 len = 0;
961
962 if(tmp->caid == 0 || tmp->caid == er->caid)
963 {
964 foundcaid = 1; //-> caid was in list
965 //rdr_log_dbg(rdr, D_READER, "Headerwhitelist: found matching CAID: %04X in list", tmp->caid);
966
967 if(tmp->provid == 0 || tmp->provid == er->prid)
968 {
969 foundprovid = 1; //-> provid was in list
970 //rdr_log_dbg(rdr, D_READER, "Headerwhitelist: found matching Provid: %06X in list", tmp->provid);
971
972 len = tmp->len;
973 for(i = 0; i < len / 2; i++)
974 {
975 if(tmp->header[i] == er->ecm[i])
976 {
977 byteok = 1;
978 //rdr_log_dbg(rdr, D_READER, "ECM Byte: %i of ECMHeaderwhitelist is correct. (%02X = %02X Headerlen: %i)", i, er->ecm[i], tmp->header[i], len/2);
979 }
980 else
981 {
982 byteok = 0;
983 //rdr_log_dbg(rdr, D_READER, "ECM Byte: %i of ECMHeaderwhitelist is not valid. (%02X != %02X Headerlen: %i)", i, er->ecm[i], tmp->header[i], len/2);
984 entryok = 0;
985 break;
986 }
987
988 if(i == len / 2 - 1 && byteok == 1)
989 {
990 entryok = 1;
991 }
992 }
993 }
994 else
995 {
996 //rdr_log_dbg(rdr, D_READER, "ECMHeaderwhitelist: Provid: %06X not found in List-Entry -> skipping check", er->prid);
997 skip = 1;
998 continue;
999 }
1000 }
1001 else
1002 {
1003 //rdr_log_dbg(rdr, D_READER, "ECMHeaderwhitelist: CAID: %04X not found in List-Entry -> skipping check", er->caid);
1004 skip = 1;
1005 continue;
1006 }
1007
1008 if(entryok == 1)
1009 {
1010 break;
1011 }
1012 }
1013
1014 if(foundcaid == 1 && foundprovid == 1 && byteok == 1 && entryok == 1)
1015 {
1016 //cs_log("ECM for %04X@%06X:%04X is valid for ECMHeaderwhitelist of reader %s.", er->caid, er->prid, er->srvid, rdr->label);
1017 }
1018 else
1019 {
1020 if(skip == 0 || (foundcaid == 1 && foundprovid == 1 && entryok == 0 && skip == 1))
1021 {
1022 cs_log_dump_dbg(D_TRACE, er->ecm, er->ecmlen, "following ECM %04X@%06X:%04X was filtered by ECMHeaderwhitelist of Reader %s from User %s because of not matching Header:", er->caid, er->prid, er->srvid, rdr->label, username(er->client));
1023 rdr->ecmsfilteredhead += 1;
1024 rdr->webif_ecmsfilteredhead += 1;
1025 return (0);
1026 }
1027 }
1028 }
1029
1030 // Simple ring connection check:
1031
1032 // Check ip source+dest:
1033 if(cfg.block_same_ip && IP_EQUAL(cur_cl->ip, rdr->client->ip) && get_module(cur_cl)->listenertype != LIS_DVBAPI && is_network_reader(rdr))
1034 {
1035 rdr_log_dbg(rdr, D_TRACE, "User (%s) has the same ip (%s) as the reader, blocked because block_same_ip=1!", username(cur_cl), cs_inet_ntoa(rdr->client->ip));
1036 return 0;
1037 }
1038
1039 if(cfg.block_same_name && strcmp(username(cur_cl), rdr->label) == 0)
1040 {
1041 rdr_log_dbg(rdr, D_TRACE, "User (%s) has the same name as the reader, blocked because block_same_name=1!", username(cur_cl));
1042 return 0;
1043 }
1044
1045 if(!reader_slots_available(rdr, er)&& er->ecmlen > 0) // check free slots, er->ecmlen>0 trick to skip this test for matching readers in dvbapi module
1046 {
1047 return 0;
1048 }
1049
1050 // All checks done, reader is matching!
1051 return (1);
1052 }
1053
1054 int32_t chk_caid(uint16_t caid, CAIDTAB *ctab)
1055 {
1056 int32_t i;
1057
1058 if (!ctab->ctnum) { return caid; }
1059
1060 for(i = 0; i < ctab->ctnum; i++)
1061 {
1062 CAIDTAB_DATA *d = &ctab->ctdata[i];
1063 if((caid & d->mask) == d->caid) { return d->cmap ? d->cmap : caid; }
1064 }
1065 return -1;
1066 }
1067
1068 int32_t chk_caid_rdr(struct s_reader *rdr, uint16_t caid)
1069 {
1070 if(is_network_reader(rdr) || rdr->typ == R_EMU)
1071 {
1072 return 1; // reader caid is not real caid
1073 }
1074 else if(rdr->caid == caid)
1075 {
1076 return 1;
1077 }
1078 return 0;
1079 }
1080
1081 int32_t chk_bcaid(ECM_REQUEST *er, CAIDTAB *ctab)
1082 {
1083 int32_t caid;
1084 caid = chk_caid(er->caid, ctab);
1085 if(caid < 0) { return 0; }
1086 er->caid = caid;
1087 return 1;
1088 }
1089
1090 /**
1091 * Check for NULL CWs
1092 **/
1093 int32_t chk_is_null_CW(uint8_t cw[])
1094 {
1095 int8_t i;
1096 for(i = 0; i < 16; i++)
1097 {
1098 if(cw[i])
1099 { return 0; }
1100 }
1101 return 1;
1102 }
1103
1104 /**
1105 * Check for ecm request that expects half cw format
1106 **/
1107 int8_t is_halfCW_er(ECM_REQUEST *er)
1108 {
1109 if( caid_is_videoguard(er->caid) && (er->caid == 0x09C4 || er->caid == 0x098C || er->caid == 0x098D || er->caid == 0x0963 || er->caid == 0x09CD || er->caid == 0x0919 || er->caid == 0x093B || er->caid == 0x098E))
1110 { return 1; }
1111 return 0;
1112 }
1113
1114 /**
1115 * Check for wrong half CWs
1116 **/
1117 int8_t chk_halfCW(ECM_REQUEST *er, uint8_t *cw)
1118 {
1119 if(is_halfCW_er(er) && cw)
1120 {
1121 uint8_t cw15 = cw[15];
1122 if(get_odd_even(er) == 0x80 && cw[15] == 0xF0) { cw[15] = 0; }
1123
1124 int8_t part1 = checkCWpart(cw, 0);
1125 int8_t part2 = checkCWpart(cw, 1);
1126
1127 // check for correct half cw format
1128 if(part1 && part2){ cw[15] = cw15; return 0; }
1129
1130 // check for correct cw position
1131 if((get_odd_even(er) == 0x80 && part1 && !part2) // xxxxxxxx00000000
1132 ||(get_odd_even(er) == 0x81 && !part1 && part2)) // 00000000xxxxxxxx
1133 {
1134 return 1;
1135 }
1136
1137 cw[15] = cw15;
1138 return 0; // not correct swapped cw
1139 }
1140 else
1141 {
1142 return 1;
1143 }
1144 }
1145
1146 /**
1147 * Check for NULL nodeid
1148 **/
1149 int32_t chk_is_null_nodeid(uint8_t node_id[], uint8_t len)
1150 {
1151 int8_t i;
1152 for(i = 0; i < len; i++)
1153 {
1154 if(node_id[i]) { return 0; }
1155 }
1156 return 1;
1157 }
1158
1159 // check if client structure is accessible
1160 bool check_client(struct s_client *cl)
1161 {
1162 if(cl && !cl->kill) { return true; }
1163 return false;
1164 }
1165
1166 uint16_t caidvaluetab_get_value(CAIDVALUETAB *cv, uint16_t caid, uint16_t default_value)
1167 {
1168 int32_t i;
1169 for(i = 0; i < cv->cvnum; i++)
1170 {
1171 CAIDVALUETAB_DATA *cvdata = &cv->cvdata[i];
1172 if(cvdata->caid == caid || cvdata->caid == caid >> 8) { return cvdata->value; }
1173 }
1174 return default_value;
1175 }
1176
1177 int32_t chk_is_fakecw(uint8_t *cw)
1178 {
1179 uint32_t i, is_fakecw = 0;
1180 uint32_t idx = ((cw[0] & 0xF) << 4) | (cw[8] & 0xF);
1181
1182 cs_readlock(__func__, &config_lock);
1183
1184 for(i = 0; i < cfg.fakecws[idx].count; i++)
1185 {
1186 if(memcmp(cw, cfg.fakecws[idx].data[i].cw, 16) == 0)
1187 {
1188 is_fakecw = 1;
1189 break;
1190 }
1191 }
1192 cs_readunlock(__func__, &config_lock);
1193
1194 return is_fakecw;
1195 }
Open Source Conditional Access Modul