Auth::Auth( const JSON & i_obj, const af::Address & i_address):
m_address( i_address),
m_time(0),
m_nc(0)
{
std::string response;
if( af::jr_int64("nc", m_nc, i_obj))
if( af::jr_string("user_name", m_user_name, i_obj))
if( af::jr_string("nonce", m_nonce, i_obj))
if( af::jr_string("response", response, i_obj))
{
m_digest = af::Environment::getDigest( m_user_name);
if( m_digest.empty())
{
AFCommon::QueueLogError( std::string("AUTH: No such user: "******": "+ i_address.v_generateInfoString()));
return;
}
if( response == calcResponse())
m_time = time(NULL);
else
AFCommon::QueueLogError( std::string("AUTH: Invalid digest: " + i_address.v_generateInfoString()));
return;
}
AFCommon::QueueLogError( std::string("AUTH: Invalid object: " + i_address.v_generateInfoString()));
}
bool Auth::check( const JSON & i_obj, const af::Address & i_address)
{
int nc = -1;
std::string response;
std::string user_name;
if( af::jr_int("nc", nc, i_obj))
if( af::jr_string("user_name", user_name, i_obj))
if( af::jr_string("response", response, i_obj))
{
if( false == m_address.equalIP( i_address ))
{
AFCommon::QueueLogError( std::string("AUTH: Invalid IP: " + i_address.v_generateInfoString()));
return false;
}
if( user_name != m_user_name )
{
AFCommon::QueueLogError( std::string("AUTH: Invalid user name: " + i_address.v_generateInfoString()));
return false;
}
if( nc <= m_nc )
{
AFCommon::QueueLogError( std::string("AUTH: Invalid nonce count: " + i_address.v_generateInfoString()));
return false;
}
m_nc = nc;
if( response != calcResponse())
{
AFCommon::QueueLogError( std::string("AUTH: Invalid response: " + i_address.v_generateInfoString()));
return false;
}
m_time = time( NULL);
return true;
}
AFCommon::QueueLogError( std::string("AUTH: Invalid object: " + i_address.v_generateInfoString()));
return false;
}
bool CAirPlayServer::CTCPClient::checkAuthorization(const CStdString& authStr,
const CStdString& method,
const CStdString& uri)
{
bool authValid = true;
CStdString username;
if (authStr.empty())
return false;
//first get username - we allow all usernames for airplay (usually it is AirPlay)
username = getFieldFromString(authStr, "username");
if (username.empty())
{
authValid = false;
}
//second check realm
if (authValid)
{
if (getFieldFromString(authStr, "realm") != AUTH_REALM)
{
authValid = false;
}
}
//third check nonce
if (authValid)
{
if (getFieldFromString(authStr, "nonce") != m_authNonce)
{
authValid = false;
}
}
//forth check uri
if (authValid)
{
if (getFieldFromString(authStr, "uri") != uri)
{
authValid = false;
}
}
//last check response
if (authValid)
{
CStdString realm = AUTH_REALM;
CStdString ourResponse = calcResponse(username, ServerInstance->m_password, realm, method, uri, m_authNonce);
CStdString theirResponse = getFieldFromString(authStr, "response");
if (!theirResponse.Equals(ourResponse, false))
{
authValid = false;
CLog::Log(LOGDEBUG,"AirAuth: response mismatch - our: %s theirs: %s",ourResponse.c_str(), theirResponse.c_str());
}
else
{
CLog::Log(LOGDEBUG, "AirAuth: successfull authentication from AirPlay client");
}
}
m_bAuthenticated = authValid;
return m_bAuthenticated;
}