morgan/UxPlay
1
0
Fork 0
mirror of https://github.com/morgan9e/UxPlay synced 2026-04-14 00:04:13 +09:00
Code Issues Packages Projects Releases Wiki Activity

keep authentication failure count for -pw random pw option

Browse Source
This commit is contained in:
F. Duncanh
2025-04-24 09:58:46 -04:00
parent f8ad47d9b4
commit 443f7c65d8
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/raop.c
View File

@@ -80,7 +80,8 @@ struct raop_s {
/* used in digest authentication */ /* used in digest authentication */
char *nonce; char *nonce;
char * random_pw; char *random_pw;
unsigned char auth_fail_count;
}; };
struct raop_conn_s { struct raop_conn_s {

21
lib/raop_handlers.h
View File

@@ -588,7 +588,13 @@ raop_handler_setup(raop_conn_t *conn,
if (!conn->authenticated && conn->raop->callbacks.passwd) { if (!conn->authenticated && conn->raop->callbacks.passwd) {
int len; int len;
const char *password = conn->raop->callbacks.passwd(conn->raop->callbacks.cls, &len); const char *password = conn->raop->callbacks.passwd(conn->raop->callbacks.cls, &len);
// len = -1 means use a random password for this connection // len = -1 means use a random password for this connection
if (len == -1 && conn->raop->random_pw && conn->raop->auth_fail_count >= 5) {
// change random_pw after 5 failed authentication attempts
logger_log(conn->raop->logger, LOGGER_INFO, "Too many authentication failures: generate new random password");
free(conn->raop->random_pw);
conn->raop->random_pw = NULL;
}
if (len == -1 && !conn->raop->random_pw) { if (len == -1 && !conn->raop->random_pw) {
// get and store 4 random digits // get and store 4 random digits
int pin_4 = random_pin(); int pin_4 = random_pin();
@@ -598,9 +604,10 @@ raop_handler_setup(raop_conn_t *conn,
char pin[6] = {'\0'}; char pin[6] = {'\0'};
snprintf(pin, 5, "%04u", pin_4 % 10000); snprintf(pin, 5, "%04u", pin_4 % 10000);
conn->raop->random_pw = strndup((const char *) pin, 6); conn->raop->random_pw = strndup((const char *) pin, 6);
conn->raop->auth_fail_count = 0;
if (conn->raop->callbacks.display_pin) { if (conn->raop->callbacks.display_pin) {
conn->raop->callbacks.display_pin(conn->raop->callbacks.cls, pin); conn->raop->callbacks.display_pin(conn->raop->callbacks.cls, pin);
} }
logger_log(conn->raop->logger, LOGGER_INFO, "*** CLIENT MUST NOW ENTER PIN = \"%s\" AS AIRPLAY PASSWORD", pin); logger_log(conn->raop->logger, LOGGER_INFO, "*** CLIENT MUST NOW ENTER PIN = \"%s\" AS AIRPLAY PASSWORD", pin);
} }
if (len && !conn->authenticated) { if (len && !conn->authenticated) {
@@ -616,8 +623,16 @@ raop_handler_setup(raop_conn_t *conn,
strncpy(nonce_string, ptr, 32); strncpy(nonce_string, ptr, 32);
const char *method = http_request_get_method(request); const char *method = http_request_get_method(request);
conn->authenticated = pairing_digest_verify(method, authorization, password); conn->authenticated = pairing_digest_verify(method, authorization, password);
if (!conn->authenticated) {
conn->raop->auth_fail_count++;
logger_log(conn->raop->logger, LOGGER_INFO, "*** authentication failure: count = %u", conn->raop->auth_fail_count);
if (conn->raop->callbacks.display_pin && conn->raop->auth_fail_count > 1) {
conn->raop->callbacks.display_pin(conn->raop->callbacks.cls, conn->raop->random_pw);
}
logger_log(conn->raop->logger, LOGGER_INFO, "*** CLIENT MUST NOW ENTER PIN = \"%s\" AS AIRPLAY PASSWORD", conn->raop->random_pw);
}
if (conn->authenticated) { if (conn->authenticated) {
printf("initial authenticatication OK\n"); printf("initial authenticatication OK\n");
conn->authenticated = conn->authenticated && !strcmp(nonce_string, conn->raop->nonce); conn->authenticated = conn->authenticated && !strcmp(nonce_string, conn->raop->nonce);
if (!conn->authenticated) { if (!conn->authenticated) {
logger_log(conn->raop->logger, LOGGER_INFO, "authentication rejected (nonce mismatch) %s %s", logger_log(conn->raop->logger, LOGGER_INFO, "authentication rejected (nonce mismatch) %s %s",