1 | #include "globals.h"
|
---|
2 | #include "oscam-chk.h"
|
---|
3 | #include "oscam-ecm.h"
|
---|
4 | #include "oscam-client.h"
|
---|
5 | #include "oscam-net.h"
|
---|
6 | #include "oscam-string.h"
|
---|
7 |
|
---|
8 | #define CS_NANO_CLASS 0xE2
|
---|
9 | #define OK 1
|
---|
10 | #define ERROR 0
|
---|
11 |
|
---|
12 | #ifdef WITH_CARDREADER
|
---|
13 | static int32_t ecm_ratelimit_findspace(struct s_reader *reader, ECM_REQUEST *er, int32_t maxloop)
|
---|
14 | {
|
---|
15 | int32_t h, foundspace;
|
---|
16 | time_t actualtime = time(NULL);
|
---|
17 |
|
---|
18 | for (h = 0; h < maxloop; h++) {
|
---|
19 | // Check for a useable slot
|
---|
20 | if ((actualtime - reader->rlecmh[h].last > reader->ratelimitseconds) ||
|
---|
21 | reader->rlecmh[h].last == -1 || reader->rlecmh[h].srvid == er->srvid) {
|
---|
22 | if (h < maxloop - 1) { // Do housekeeping
|
---|
23 | for (foundspace = h + 1; foundspace < maxloop; foundspace++) {
|
---|
24 | // Check if srvid is not already in a slot
|
---|
25 | if (reader->rlecmh[foundspace].srvid == er->srvid) {
|
---|
26 | // Just moving and freeing slot no new assignment
|
---|
27 | reader->rlecmh[h].srvid = reader->rlecmh[foundspace].srvid;
|
---|
28 | reader->rlecmh[h].last = reader->rlecmh[foundspace].last;
|
---|
29 | reader->rlecmh[foundspace].srvid = -1;
|
---|
30 | reader->rlecmh[foundspace].last = -1;
|
---|
31 | cs_debug_mask(D_TRACE,
|
---|
32 | "ratelimiter moving srvid %04X from slot #%d/%d to #%d/%d of reader %s",
|
---|
33 | er->srvid, foundspace + 1, maxloop, h + 1, maxloop, reader->label);
|
---|
34 | }
|
---|
35 | // Release slots with srvid that are overtime,
|
---|
36 | // even if not called from reader module, to maximize available slots!
|
---|
37 | if ((actualtime - reader->rlecmh[foundspace].last > reader->ratelimitseconds) &&
|
---|
38 | (reader->rlecmh[foundspace].last != -1)) {
|
---|
39 | cs_debug_mask(D_TRACE,
|
---|
40 | "ratelimiter old srvid %04X released from slot #%d/%d of reader %s (%d > %d ratelimitsec!)",
|
---|
41 | reader->rlecmh[foundspace].srvid, foundspace + 1, maxloop,
|
---|
42 | reader->label, (int) (actualtime - reader->rlecmh[foundspace].last),
|
---|
43 | reader->ratelimitseconds);
|
---|
44 | reader->rlecmh[foundspace].last = -1;
|
---|
45 | reader->rlecmh[foundspace].srvid = -1;
|
---|
46 | }
|
---|
47 | } // End for
|
---|
48 | } // End if
|
---|
49 | // Release slots with srvid that are overtime,
|
---|
50 | // even if not called from reader module, to maximize available slots!
|
---|
51 | if (reader->rlecmh[h].srvid != er->srvid && reader->rlecmh[h].last != -1) {
|
---|
52 | // This h slot is found because it is overtime.
|
---|
53 | cs_debug_mask(D_TRACE,
|
---|
54 | "ratelimiter old srvid %04X released from slot #%d/%d of reader %s (%d > %d ratelimitsec!)",
|
---|
55 | reader->rlecmh[h].srvid, h + 1, maxloop,
|
---|
56 | reader->label, (int) (actualtime - reader->rlecmh[h].last),
|
---|
57 | reader->ratelimitseconds);
|
---|
58 | reader->rlecmh[h].last = -1;
|
---|
59 | reader->rlecmh[h].srvid = -1;
|
---|
60 | }
|
---|
61 | if (reader->rlecmh[h].srvid == er->srvid)
|
---|
62 | cs_debug_mask(D_TRACE, "ratelimiter found srvid %04X for %d sec in slot #%d/%d of reader %s",
|
---|
63 | er->srvid, (int) (actualtime - reader->rlecmh[h].last), h+1, maxloop, reader->label);
|
---|
64 | return h; // Free slot found, possible to assign it!
|
---|
65 | }
|
---|
66 | }
|
---|
67 |
|
---|
68 | #ifdef HAVE_DVBAPI
|
---|
69 | /* Overide ratelimit priority for dvbapi request */
|
---|
70 | foundspace = -1;
|
---|
71 | if ((cfg.dvbapi_enabled == 1) && streq(er->client->account->usr, cfg.dvbapi_usr)) {
|
---|
72 | if (reader->lastdvbapirateoverride < actualtime - reader->ratelimitseconds) {
|
---|
73 | time_t minecmtime = actualtime;
|
---|
74 | for (h = 0; h < maxloop; h++) {
|
---|
75 | if(reader->rlecmh[h].last < minecmtime) {
|
---|
76 | minecmtime = reader->rlecmh[h].last;
|
---|
77 | foundspace = h;
|
---|
78 | }
|
---|
79 | }
|
---|
80 | reader->lastdvbapirateoverride = actualtime;
|
---|
81 | cs_debug_mask(D_TRACE, "prioritizing DVBAPI user %s over other watching client",
|
---|
82 | er->client->account->usr);
|
---|
83 | cs_debug_mask(D_TRACE, "ratelimiter forcing srvid %04X into slot #%d/%d of reader %s",
|
---|
84 | er->srvid, foundspace + 1, maxloop, reader->label);
|
---|
85 | return foundspace; // Free slot found, possible to assign it!
|
---|
86 | }
|
---|
87 | else cs_debug_mask(D_TRACE, "DVBAPI User %s is switching too fast for ratelimit and can't be prioritized!",
|
---|
88 | er->client->account->usr);
|
---|
89 | }
|
---|
90 | #endif
|
---|
91 |
|
---|
92 | return (-1);
|
---|
93 | }
|
---|
94 |
|
---|
95 | static void sort_ecmrl(struct s_reader *reader)
|
---|
96 | {
|
---|
97 | int32_t i, j, loc;
|
---|
98 | struct ecmrl tmp;
|
---|
99 |
|
---|
100 | for(i = 0; i < reader->ratelimitecm; i++) {
|
---|
101 | loc = i;
|
---|
102 | tmp = reader->rlecmh[i];
|
---|
103 |
|
---|
104 | for(j = i + 1; j < MAXECMRATELIMIT; j++) {
|
---|
105 | if(reader->rlecmh[j].last > tmp.last) {
|
---|
106 | loc = j;
|
---|
107 | tmp = reader->rlecmh[j];
|
---|
108 | }
|
---|
109 | } // for j
|
---|
110 |
|
---|
111 | if(loc != i) {
|
---|
112 | reader->rlecmh[loc] = reader->rlecmh[i];
|
---|
113 | reader->rlecmh[i] = tmp;
|
---|
114 | }
|
---|
115 | } // for i
|
---|
116 |
|
---|
117 | // release all slots above ratelimit ecm
|
---|
118 | for (i = reader->ratelimitecm; i < MAXECMRATELIMIT; i++) {
|
---|
119 | reader->rlecmh[i].last = -1;
|
---|
120 | reader->rlecmh[i].srvid = -1;
|
---|
121 | }
|
---|
122 |
|
---|
123 | }
|
---|
124 |
|
---|
125 | int32_t ecm_ratelimit_check(struct s_reader *reader, ECM_REQUEST *er, int32_t reader_mode)
|
---|
126 | // If reader_mode is 1, ECM_REQUEST need to be assigned to reader and slot.
|
---|
127 | // Else just report if a free slot is available.
|
---|
128 | {
|
---|
129 | int32_t foundspace = -1, h, maxslots = MAXECMRATELIMIT; //init slots to oscam global maximums
|
---|
130 |
|
---|
131 | // No rate limit set
|
---|
132 | if (!reader->ratelimitecm) return OK;
|
---|
133 |
|
---|
134 | // Below this line: rate limit functionality.
|
---|
135 | // No cooldown set
|
---|
136 | if (!reader->cooldown[0]) {
|
---|
137 | cs_debug_mask(D_TRACE, "ratelimiter find a slot for srvid %04X on reader %s reader_mode = %d",
|
---|
138 | er->srvid, reader->label, reader_mode);
|
---|
139 | foundspace = ecm_ratelimit_findspace(reader, er, reader->ratelimitecm);
|
---|
140 | if (foundspace < 0) {
|
---|
141 | if (reader_mode) {
|
---|
142 | cs_debug_mask(D_TRACE, "ratelimiter no free slot for srvid %04X on reader %s -> dropping!", er->srvid, reader->label);
|
---|
143 | write_ecm_answer(reader, er, E_NOTFOUND, E2_RATELIMIT, NULL, "Ratelimiter: no slots free!");
|
---|
144 | }
|
---|
145 | return ERROR; // not even trowing an error... obvious reason ;)
|
---|
146 | }
|
---|
147 | else {
|
---|
148 | if (reader_mode) {
|
---|
149 | // Register new slot
|
---|
150 | reader->rlecmh[foundspace].last = time(NULL);
|
---|
151 | reader->rlecmh[foundspace].srvid = er->srvid;
|
---|
152 | }
|
---|
153 | return OK;
|
---|
154 | }
|
---|
155 | }
|
---|
156 |
|
---|
157 | // Below this line: rate limit functionality with cooldown option.
|
---|
158 |
|
---|
159 | // Cooldown state cycle:
|
---|
160 | // state = 0: Cooldown setup phase. No rate limit set.
|
---|
161 | // If number of ecm request exceed reader->ratelimitecm, cooldownstate goes to 2.
|
---|
162 | // state = 2: Cooldown delay phase. No rate limit set.
|
---|
163 | // If number of ecm request still exceed reader->ratelimitecm at end of cooldown delay phase,
|
---|
164 | // cooldownstate goes to 1 (rate limit phase).
|
---|
165 | // Else return back to setup phase (state 0).
|
---|
166 | // state = 1: Cooldown ratelimit phase. Rate limit set.
|
---|
167 | // If cooldowntime reader->cooldown[1] is elapsed, return to cooldown setup phase (state 0).
|
---|
168 |
|
---|
169 | if (reader->cooldownstate == 1) { // Cooldown in ratelimit phase
|
---|
170 | if (time(NULL) - reader->cooldowntime <= reader->cooldown[1]) // check if cooldowntime is elapsed
|
---|
171 | maxslots = reader->ratelimitecm; // use user defined ratelimitecm
|
---|
172 | else { // Cooldown time is elapsed
|
---|
173 | reader->cooldownstate = 0; // set cooldown setup phase
|
---|
174 | reader->cooldowntime = 0; // reset cooldowntime
|
---|
175 | maxslots = MAXECMRATELIMIT; //use oscam defined max slots
|
---|
176 | cs_log("Reader: %s ratelimiter returning to setup phase cooling down period of %d seconds is done!",
|
---|
177 | reader->label, reader->cooldown[1]);
|
---|
178 | }
|
---|
179 | } // if cooldownstate == 1
|
---|
180 |
|
---|
181 | if (reader->cooldownstate == 2 && time(NULL) - reader->cooldowntime > reader->cooldown[0]) {
|
---|
182 | // Need to check if the otherslots are not exceeding the ratelimit at the moment that
|
---|
183 | // cooldown[0] time was exceeded!
|
---|
184 | // time_t actualtime = reader->cooldowntime + reader->cooldown[0];
|
---|
185 | maxslots = 0; // maxslots is used as counter
|
---|
186 | for (h = 0; h < MAXECMRATELIMIT; h++) {
|
---|
187 | // how many active slots are registered at end of cooldown delay period
|
---|
188 | if (reader->cooldowntime + reader->cooldown[0] - reader->rlecmh[h].last
|
---|
189 | <= reader->ratelimitseconds) {
|
---|
190 | maxslots++;
|
---|
191 | if (maxslots > reader->ratelimitecm) break; // Need to go cooling down phase
|
---|
192 | }
|
---|
193 | }
|
---|
194 |
|
---|
195 | if (maxslots <= reader->ratelimitecm) {
|
---|
196 | reader->cooldownstate = 0; // set cooldown setup phase
|
---|
197 | reader->cooldowntime = 0; // reset cooldowntime
|
---|
198 | maxslots = MAXECMRATELIMIT; // maxslots is maxslots again
|
---|
199 | cs_log("Reader: %s ratelimiter returning to setup phase after %d seconds cooldowndelay!",
|
---|
200 | reader->label, reader->cooldown[0]);
|
---|
201 | }
|
---|
202 | else {
|
---|
203 | reader->cooldownstate = 1; // Entering ratelimit for cooldown ratelimitseconds
|
---|
204 | reader->cooldowntime = time(NULL); // set time to enforce ecmratelimit for defined cooldowntime
|
---|
205 | maxslots = reader->ratelimitecm; // maxslots is maxslots again
|
---|
206 | sort_ecmrl(reader); // keep youngest ecm requests in list + housekeeping
|
---|
207 | cs_log("Reader: %s ratelimiter starting cooling down period of %d seconds!",
|
---|
208 | reader->label, reader->cooldown[1]);
|
---|
209 | }
|
---|
210 | } // if cooldownstate == 2
|
---|
211 |
|
---|
212 | cs_debug_mask(D_TRACE, "ratelimiter cooldown find a slot for srvid %04X on reader %s reader_mode = %d",
|
---|
213 | er->srvid, reader->label, reader_mode);
|
---|
214 | foundspace = ecm_ratelimit_findspace(reader, er, maxslots);
|
---|
215 | if (foundspace < 0) { // No space is no space, done!
|
---|
216 | //who's calling us? reader or some stat prober? If reader then register otherwise just report!
|
---|
217 | if (reader_mode) {
|
---|
218 | cs_debug_mask(D_TRACE, "ratelimiter no free slot for srvid %04X on reader %s -> dropping!",
|
---|
219 | er->srvid, reader->label);
|
---|
220 | write_ecm_answer(reader, er, E_NOTFOUND, E2_RATELIMIT, NULL, "Ratelimiter: no slots free!");
|
---|
221 | }
|
---|
222 | return ERROR; // not even trowing an error... obvious reason ;)
|
---|
223 | }
|
---|
224 |
|
---|
225 | if (reader->cooldownstate == 0 && foundspace >= reader->ratelimitecm) {
|
---|
226 | if (!reader_mode) return OK; // No actual ecm request, just check
|
---|
227 | cs_log("Reader: %s ratelimiter detected overrun ecmratelimit of %d during setup phase!",
|
---|
228 | reader->label, reader->ratelimitecm);
|
---|
229 | reader->cooldownstate = 2; // Entering cooldowndelay phase
|
---|
230 | reader->cooldowntime = time(NULL); // Set cooldowntime to calculate delay
|
---|
231 | cs_debug_mask(D_TRACE, "ratelimiter cooldowndelaying %d seconds", reader->cooldown[0]);
|
---|
232 | }
|
---|
233 |
|
---|
234 | // Cooldown state housekeeping is done. There is a slot available.
|
---|
235 | if (reader_mode) {
|
---|
236 | // Register new slot
|
---|
237 | reader->rlecmh[foundspace].last = time(NULL);
|
---|
238 | reader->rlecmh[foundspace].srvid = er->srvid;
|
---|
239 | }
|
---|
240 | return OK;
|
---|
241 | }
|
---|
242 | #endif
|
---|
243 |
|
---|
244 | static int32_t find_nano(uchar *ecm, int32_t l, uchar nano, int32_t s)
|
---|
245 | {
|
---|
246 | uchar *snano;
|
---|
247 |
|
---|
248 | if( s >= l ) return 0;
|
---|
249 | if( !s ) s=(ecm[4]==0xD2) ? 12 : 9; // tpsflag -> offset+3
|
---|
250 | snano = ecm + s;
|
---|
251 |
|
---|
252 | while( (*snano!=nano) && (s<l) )
|
---|
253 | {
|
---|
254 | if( *snano == 0xEA ) return 0;
|
---|
255 | snano++;
|
---|
256 | s++;
|
---|
257 | }
|
---|
258 |
|
---|
259 | return (s<l)?++s:0;
|
---|
260 | }
|
---|
261 |
|
---|
262 | static int32_t chk_class(ECM_REQUEST *er, CLASSTAB *clstab, const char *type, const char *name)
|
---|
263 | {
|
---|
264 | int32_t i, j, an, cl_n, l;
|
---|
265 | uchar ecm_class;
|
---|
266 |
|
---|
267 | if( er->caid!=0x0500 ) return 1;
|
---|
268 | if( !clstab->bn && !clstab->an ) return 1;
|
---|
269 |
|
---|
270 | j=an=cl_n=l=0;
|
---|
271 | while( (j=find_nano(er->ecm, er->ecmlen, CS_NANO_CLASS, j)) > 0 )
|
---|
272 | {
|
---|
273 | l = er->ecm[j];
|
---|
274 | if(l+j>er->ecmlen) continue; // skip, this is not a valid class identifier!
|
---|
275 | ecm_class = er->ecm[j+l];
|
---|
276 | cs_debug_mask(D_CLIENT, "ecm class=%02X", ecm_class);
|
---|
277 | for( i=0; i<clstab->bn; i++ ) // search in blocked
|
---|
278 | if( ecm_class==clstab->bclass[i] )
|
---|
279 | {
|
---|
280 | cs_debug_mask(D_CLIENT, "class %02X rejected by %s '%s' !%02X filter",
|
---|
281 | ecm_class, type, name, ecm_class);
|
---|
282 | return 0;
|
---|
283 | }
|
---|
284 |
|
---|
285 | cl_n++;
|
---|
286 | for( i=0; i<clstab->an; i++ ) // search in allowed
|
---|
287 | if( ecm_class==clstab->aclass[i] )
|
---|
288 | {
|
---|
289 | an++;
|
---|
290 | break;
|
---|
291 | }
|
---|
292 | j+=l;
|
---|
293 | }
|
---|
294 |
|
---|
295 | if( cl_n && clstab->an )
|
---|
296 | {
|
---|
297 | if( an )
|
---|
298 | cs_debug_mask(D_CLIENT, "ECM classes allowed by %s '%s' filter", type, name);
|
---|
299 | else {
|
---|
300 | cs_debug_mask(D_CLIENT, "ECM classes don't match %s '%s' filter, rejecting", type, name);
|
---|
301 | return 0;
|
---|
302 | }
|
---|
303 | }
|
---|
304 |
|
---|
305 | return 1;
|
---|
306 | }
|
---|
307 |
|
---|
308 | int32_t chk_srvid_match(ECM_REQUEST *er, SIDTAB *sidtab)
|
---|
309 | {
|
---|
310 | int32_t i, rc=0;
|
---|
311 |
|
---|
312 | if (!sidtab->num_caid)
|
---|
313 | rc|=1;
|
---|
314 | else
|
---|
315 | for (i=0; (i<sidtab->num_caid) && (!(rc&1)); i++)
|
---|
316 | if (er->caid==sidtab->caid[i]) rc|=1;
|
---|
317 |
|
---|
318 | if (!er->prid || !sidtab->num_provid)
|
---|
319 | rc|=2;
|
---|
320 | else
|
---|
321 | for (i=0; (i<sidtab->num_provid) && (!(rc&2)); i++)
|
---|
322 | if (er->prid==sidtab->provid[i]) rc|=2;
|
---|
323 |
|
---|
324 | if (!sidtab->num_srvid)
|
---|
325 | rc|=4;
|
---|
326 | else
|
---|
327 | for (i=0; (i<sidtab->num_srvid) && (!(rc&4)); i++)
|
---|
328 | if (er->srvid==sidtab->srvid[i]) rc|=4;
|
---|
329 |
|
---|
330 | return(rc==7);
|
---|
331 | }
|
---|
332 |
|
---|
333 | int32_t chk_srvid(struct s_client *cl, ECM_REQUEST *er)
|
---|
334 | {
|
---|
335 | int32_t nr, rc=0;
|
---|
336 | SIDTAB *sidtab;
|
---|
337 |
|
---|
338 | if (!cl->sidtabs.ok)
|
---|
339 | {
|
---|
340 | if (!cl->sidtabs.no) return(1);
|
---|
341 | rc=1;
|
---|
342 | }
|
---|
343 | for (nr=0, sidtab=cfg.sidtab; sidtab; sidtab=sidtab->next, nr++)
|
---|
344 | if (sidtab->num_caid | sidtab->num_provid | sidtab->num_srvid)
|
---|
345 | {
|
---|
346 | if ((cl->sidtabs.no&((SIDTABBITS)1<<nr)) &&
|
---|
347 | (chk_srvid_match(er, sidtab)))
|
---|
348 | return(0);
|
---|
349 | if ((cl->sidtabs.ok&((SIDTABBITS)1<<nr)) &&
|
---|
350 | (chk_srvid_match(er, sidtab)))
|
---|
351 | rc=1;
|
---|
352 | }
|
---|
353 | return(rc);
|
---|
354 | }
|
---|
355 |
|
---|
356 | int32_t has_srvid(struct s_client *cl, ECM_REQUEST *er) {
|
---|
357 | if (!cl->sidtabs.ok)
|
---|
358 | return 0;
|
---|
359 |
|
---|
360 | int32_t nr;
|
---|
361 | SIDTAB *sidtab;
|
---|
362 |
|
---|
363 | for (nr=0, sidtab=cfg.sidtab; sidtab; sidtab=sidtab->next, nr++)
|
---|
364 | if (sidtab->num_srvid)
|
---|
365 | {
|
---|
366 | if ((cl->sidtabs.ok&((SIDTABBITS)1<<nr)) &&
|
---|
367 | (chk_srvid_match(er, sidtab)))
|
---|
368 | return 1;
|
---|
369 | }
|
---|
370 | return 0;
|
---|
371 | }
|
---|
372 |
|
---|
373 |
|
---|
374 | int32_t chk_srvid_match_by_caid_prov(uint16_t caid, uint32_t provid, SIDTAB *sidtab)
|
---|
375 | {
|
---|
376 | int32_t i, rc=0;
|
---|
377 |
|
---|
378 | if (!sidtab->num_caid)
|
---|
379 | rc|=1;
|
---|
380 | else
|
---|
381 | for (i=0; (i<sidtab->num_caid) && (!(rc&1)); i++)
|
---|
382 | if (caid==sidtab->caid[i]) rc|=1;
|
---|
383 |
|
---|
384 | if (!sidtab->num_provid)
|
---|
385 | rc|=2;
|
---|
386 | else
|
---|
387 | for (i=0; (i<sidtab->num_provid) && (!(rc&2)); i++)
|
---|
388 | if (provid==sidtab->provid[i]) rc|=2;
|
---|
389 |
|
---|
390 | return(rc==3);
|
---|
391 | }
|
---|
392 |
|
---|
393 | int32_t chk_srvid_by_caid_prov(struct s_client *cl, uint16_t caid, uint32_t provid) {
|
---|
394 | int32_t nr, rc=0;
|
---|
395 | SIDTAB *sidtab;
|
---|
396 |
|
---|
397 | if (!cl->sidtabs.ok)
|
---|
398 | {
|
---|
399 | if (!cl->sidtabs.no) return(1);
|
---|
400 | rc=1;
|
---|
401 | }
|
---|
402 | for (nr=0, sidtab=cfg.sidtab; sidtab; sidtab=sidtab->next, nr++)
|
---|
403 | if (sidtab->num_caid | sidtab->num_provid)
|
---|
404 | {
|
---|
405 | if ((cl->sidtabs.no&((SIDTABBITS)1<<nr)) && !sidtab->num_srvid &&
|
---|
406 | (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
|
---|
407 | return(0);
|
---|
408 | if ((cl->sidtabs.ok&((SIDTABBITS)1<<nr)) &&
|
---|
409 | (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
|
---|
410 | rc=1;
|
---|
411 | }
|
---|
412 | return(rc);
|
---|
413 | }
|
---|
414 |
|
---|
415 | int32_t chk_srvid_by_caid_prov_rdr(struct s_reader *rdr, uint16_t caid, uint32_t provid) {
|
---|
416 | int32_t nr, rc=0;
|
---|
417 | SIDTAB *sidtab;
|
---|
418 |
|
---|
419 | if (!rdr->sidtabs.ok)
|
---|
420 | {
|
---|
421 | if (!rdr->sidtabs.no) return(1);
|
---|
422 | rc=1;
|
---|
423 | }
|
---|
424 | for (nr=0, sidtab=cfg.sidtab; sidtab; sidtab=sidtab->next, nr++)
|
---|
425 | if (sidtab->num_caid | sidtab->num_provid)
|
---|
426 | {
|
---|
427 | if ((rdr->sidtabs.no&((SIDTABBITS)1<<nr)) && !sidtab->num_srvid &&
|
---|
428 | (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
|
---|
429 | return(0);
|
---|
430 | if ((rdr->sidtabs.ok&((SIDTABBITS)1<<nr)) &&
|
---|
431 | (chk_srvid_match_by_caid_prov(caid, provid, sidtab)))
|
---|
432 | rc=1;
|
---|
433 | }
|
---|
434 | return(rc);
|
---|
435 | }
|
---|
436 |
|
---|
437 |
|
---|
438 | // server filter for newcamd
|
---|
439 | int32_t chk_sfilter(ECM_REQUEST *er, PTAB *ptab)
|
---|
440 | {
|
---|
441 | int32_t i, j, pi, rc=1;
|
---|
442 | uint16_t caid, scaid;
|
---|
443 | uint32_t prid, sprid;
|
---|
444 |
|
---|
445 | if (!ptab) return(1);
|
---|
446 | struct s_client *cur_cl = cur_client();
|
---|
447 |
|
---|
448 | caid = er->caid;
|
---|
449 | prid = er->prid;
|
---|
450 | pi = cur_cl->port_idx;
|
---|
451 |
|
---|
452 | if (cfg.ncd_mgclient && ptab == &cfg.ncd_ptab)
|
---|
453 | return 1;
|
---|
454 |
|
---|
455 | if (ptab->nports && ptab->ports[pi].ftab.nfilts)
|
---|
456 | {
|
---|
457 | for( rc=j=0; (!rc) && (j<ptab->ports[pi].ftab.nfilts); j++ )
|
---|
458 | {
|
---|
459 | scaid = ptab->ports[pi].ftab.filts[j].caid;
|
---|
460 | if (caid==0||(caid!=0 && caid==scaid))
|
---|
461 | {
|
---|
462 | for( i=0; (!rc) && i<ptab->ports[pi].ftab.filts[j].nprids; i++ )
|
---|
463 | {
|
---|
464 | sprid=ptab->ports[pi].ftab.filts[j].prids[i];
|
---|
465 | cs_debug_mask(D_CLIENT, "trying server filter %04X:%06X", scaid, sprid);
|
---|
466 | if (prid==sprid)
|
---|
467 | {
|
---|
468 | rc=1;
|
---|
469 | cs_debug_mask(D_CLIENT, "%04X:%06X allowed by server filter %04X:%06X",
|
---|
470 | caid, prid, scaid, sprid);
|
---|
471 | }
|
---|
472 | }
|
---|
473 | }
|
---|
474 | }
|
---|
475 | if(!rc)
|
---|
476 | {
|
---|
477 | cs_debug_mask(D_CLIENT, "no match, %04X:%06X rejected by server filters", caid, prid);
|
---|
478 | snprintf( er->msglog, MSGLOGSIZE, "no server match %04X:%06X",
|
---|
479 | caid, (uint32_t) prid );
|
---|
480 |
|
---|
481 | if (!er->rcEx) er->rcEx=(E1_LSERVER<<4)|E2_IDENT;
|
---|
482 | return(rc);
|
---|
483 | }
|
---|
484 | }
|
---|
485 | return (rc);
|
---|
486 | }
|
---|
487 |
|
---|
488 | static int32_t chk_chid(ECM_REQUEST *er, FTAB *fchid, char *type, char *name)
|
---|
489 | {
|
---|
490 | int32_t rc=1, i, j, found_caid=0;
|
---|
491 | if( !fchid->nfilts ) return 1;
|
---|
492 |
|
---|
493 | for( i=rc=0; (!rc) && i<fchid->nfilts; i++ )
|
---|
494 | if( er->caid == fchid->filts[i].caid ) {
|
---|
495 | found_caid=1;
|
---|
496 | for( j=0; (!rc) && j<fchid->filts[i].nprids; j++ )
|
---|
497 | {
|
---|
498 | cs_debug_mask(D_CLIENT, "trying %s '%s' CHID filter %04X:%04X",
|
---|
499 | type, name, fchid->filts[i].caid, fchid->filts[i].prids[j]);
|
---|
500 | if( er->chid == fchid->filts[i].prids[j] )
|
---|
501 | {
|
---|
502 | cs_debug_mask(D_CLIENT, "%04X:%04X allowed by %s '%s' CHID filter %04X:%04X",
|
---|
503 | er->caid, er->chid, type, name, fchid->filts[i].caid,
|
---|
504 | fchid->filts[i].prids[j]);
|
---|
505 | rc=1;
|
---|
506 | }
|
---|
507 | }
|
---|
508 | }
|
---|
509 |
|
---|
510 | if( !rc )
|
---|
511 | {
|
---|
512 | if (found_caid)
|
---|
513 | cs_debug_mask(D_CLIENT, "no match, %04X:%04X rejected by %s '%s' CHID filter(s)",
|
---|
514 | er->caid, er->chid, type, name);
|
---|
515 | else {
|
---|
516 | rc=1;
|
---|
517 | cs_debug_mask(D_CLIENT, "%04X:%04X allowed by %s '%s' CHID filter, CAID not spezified",
|
---|
518 | er->caid, er->chid, type, name);
|
---|
519 | }
|
---|
520 | }
|
---|
521 | return (rc);
|
---|
522 | }
|
---|
523 |
|
---|
524 | int32_t chk_ufilters(ECM_REQUEST *er)
|
---|
525 | {
|
---|
526 | int32_t i, j, rc;
|
---|
527 | uint16_t ucaid;
|
---|
528 | uint32_t uprid;
|
---|
529 | struct s_client *cur_cl = cur_client();
|
---|
530 |
|
---|
531 | rc=1;
|
---|
532 | if( cur_cl->ftab.nfilts )
|
---|
533 | {
|
---|
534 | FTAB *f = &cur_cl->ftab;
|
---|
535 | for( i=rc=0; (!rc) && (i<f->nfilts); i++ )
|
---|
536 | {
|
---|
537 | ucaid = f->filts[i].caid;
|
---|
538 | if( er->caid==0 || ucaid==0 || (er->caid!=0 && er->caid==ucaid) )
|
---|
539 | {
|
---|
540 | for( j=rc=0; (!rc) && (j<f->filts[i].nprids); j++ )
|
---|
541 | {
|
---|
542 | uprid = f->filts[i].prids[j];
|
---|
543 | cs_debug_mask(D_CLIENT, "trying user '%s' filter %04X:%06X",
|
---|
544 | cur_cl->account->usr, ucaid, uprid);
|
---|
545 | if( er->prid == uprid )
|
---|
546 | {
|
---|
547 | rc=1;
|
---|
548 | cs_debug_mask(D_CLIENT, "%04X:%06X allowed by user '%s' filter %04X:%06X",
|
---|
549 | er->caid, er->prid, cur_cl->account->usr, ucaid, uprid);
|
---|
550 | }
|
---|
551 | }
|
---|
552 | }
|
---|
553 | }
|
---|
554 | if( !rc ) {
|
---|
555 | cs_debug_mask(D_CLIENT, "no match, %04X:%06X rejected by user '%s' filters",
|
---|
556 | er->caid, er->prid, cur_cl->account->usr);
|
---|
557 | snprintf( er->msglog, MSGLOGSIZE, "no card support %04X:%06X",
|
---|
558 | er->caid, (uint32_t) er->prid );
|
---|
559 |
|
---|
560 | if( !er->rcEx ) er->rcEx=(E1_USER<<4)|E2_IDENT;
|
---|
561 | return (rc);
|
---|
562 | }
|
---|
563 | }
|
---|
564 |
|
---|
565 | if( !(rc=chk_class(er, &cur_cl->cltab, "user", cur_cl->account->usr)) ) {
|
---|
566 | if( !er->rcEx ) er->rcEx=(E1_USER<<4)|E2_CLASS;
|
---|
567 | }
|
---|
568 | else if( !(rc=chk_chid(er, &cur_cl->fchid, "user", cur_cl->account->usr)) )
|
---|
569 | if( !er->rcEx ) er->rcEx=(E1_USER<<4)|E2_CHID;
|
---|
570 |
|
---|
571 | if( rc ) er->rcEx=0;
|
---|
572 |
|
---|
573 | return (rc);
|
---|
574 | }
|
---|
575 |
|
---|
576 | int32_t chk_rsfilter(struct s_reader * reader, ECM_REQUEST *er)
|
---|
577 | {
|
---|
578 | int32_t i, rc=1;
|
---|
579 | uint16_t caid;
|
---|
580 | uint32_t prid;
|
---|
581 |
|
---|
582 | if( reader->ncd_disable_server_filt )
|
---|
583 | {
|
---|
584 | cs_debug_mask(D_CLIENT, "%04X:%06X allowed - server filters disabled",
|
---|
585 | er->caid, er->prid);
|
---|
586 | return 1;
|
---|
587 | }
|
---|
588 |
|
---|
589 | rc=prid=0;
|
---|
590 | caid = reader->caid;
|
---|
591 | if( caid==er->caid )
|
---|
592 | {
|
---|
593 | for( i=0; (!rc) && (i<reader->nprov); i++ )
|
---|
594 | {
|
---|
595 | prid = (uint32_t)((reader->prid[i][1]<<16) |
|
---|
596 | (reader->prid[i][2]<<8) |
|
---|
597 | (reader->prid[i][3]));
|
---|
598 | cs_debug_mask(D_CLIENT, "trying server '%s' filter %04X:%06X",
|
---|
599 | reader->device, caid, prid);
|
---|
600 | if( prid==er->prid )
|
---|
601 | {
|
---|
602 | rc=1;
|
---|
603 | cs_debug_mask(D_CLIENT, "%04X:%06X allowed by server '%s' filter %04X:%06X",
|
---|
604 | er->caid, er->prid, reader->device, caid, prid);
|
---|
605 | }
|
---|
606 | }
|
---|
607 | }
|
---|
608 | if(!rc) {
|
---|
609 | cs_debug_mask(D_CLIENT, "no match, %04X:%06X rejected by server '%s' filters",
|
---|
610 | er->caid, er->prid, reader->device);
|
---|
611 | if( !er->rcEx ) er->rcEx=(E1_SERVER<<4)|E2_IDENT;
|
---|
612 | return 0;
|
---|
613 | }
|
---|
614 |
|
---|
615 | return(rc);
|
---|
616 | }
|
---|
617 |
|
---|
618 | int32_t chk_rfilter2(uint16_t rcaid, uint32_t rprid, struct s_reader *rdr)
|
---|
619 | {
|
---|
620 | int32_t i, j, rc=1;
|
---|
621 | uint16_t caid=0;
|
---|
622 | uint32_t prid=0;
|
---|
623 |
|
---|
624 | if( rdr->ftab.nfilts )
|
---|
625 | {
|
---|
626 | for( rc=i=0; (!rc) && (i<rdr->ftab.nfilts); i++ )
|
---|
627 | {
|
---|
628 | caid = rdr->ftab.filts[i].caid;
|
---|
629 | if( (caid!=0 && caid==rcaid) || caid==0 )
|
---|
630 | {
|
---|
631 | for( j=0; (!rc) && (j<rdr->ftab.filts[i].nprids); j++)
|
---|
632 | {
|
---|
633 | prid = rdr->ftab.filts[i].prids[j];
|
---|
634 | cs_debug_mask(D_CLIENT, "trying reader '%s' filter %04X:%06X",
|
---|
635 | rdr->label, caid, prid);
|
---|
636 | if( prid==rprid )
|
---|
637 | {
|
---|
638 | rc=1;
|
---|
639 | cs_debug_mask(D_CLIENT, "%04X:%06X allowed by reader '%s' filter %04X:%06X",
|
---|
640 | rcaid, rprid, rdr->label, caid, prid);
|
---|
641 | }
|
---|
642 | }
|
---|
643 | }
|
---|
644 | }
|
---|
645 | if(!rc) {
|
---|
646 | cs_debug_mask(D_CLIENT, "no match, %04X:%06X rejected by reader '%s' filters",
|
---|
647 | rcaid, rprid, rdr->label);
|
---|
648 | return 0;
|
---|
649 | }
|
---|
650 | }
|
---|
651 |
|
---|
652 | return(rc);
|
---|
653 | }
|
---|
654 |
|
---|
655 |
|
---|
656 | static int32_t chk_rfilter(ECM_REQUEST *er, struct s_reader *rdr)
|
---|
657 | {
|
---|
658 | return chk_rfilter2(er->caid, er->prid, rdr);
|
---|
659 | }
|
---|
660 |
|
---|
661 | int32_t chk_ctab(uint16_t caid, CAIDTAB *ctab) {
|
---|
662 | if (!caid || !ctab->caid[0])
|
---|
663 | return 1;
|
---|
664 |
|
---|
665 | int32_t i;
|
---|
666 | for (i=0;i<CS_MAXCAIDTAB;i++)
|
---|
667 | {
|
---|
668 | if (!ctab->caid[i]) {
|
---|
669 | return 0;
|
---|
670 | }
|
---|
671 | if ((caid & ctab->mask[i]) == ctab->caid[i])
|
---|
672 | return 1;
|
---|
673 | }
|
---|
674 | return 0;
|
---|
675 | }
|
---|
676 |
|
---|
677 | int32_t chk_ctab_ex(uint16_t caid, CAIDTAB *ctab) {
|
---|
678 | if (!caid || !ctab->caid[0])
|
---|
679 | return 0;
|
---|
680 |
|
---|
681 | int32_t i;
|
---|
682 | for (i=0;i<CS_MAXCAIDTAB;i++)
|
---|
683 | {
|
---|
684 | if (!ctab->caid[i]) {
|
---|
685 | return 0;
|
---|
686 | }
|
---|
687 | if ((caid & ctab->mask[i]) == ctab->caid[i])
|
---|
688 | return 1;
|
---|
689 | }
|
---|
690 | return 0;
|
---|
691 | }
|
---|
692 |
|
---|
693 | int32_t matching_reader(ECM_REQUEST *er, struct s_reader *rdr, int32_t slot) {
|
---|
694 | (void)slot; // Prevent warning about unused param slot, when WITH_CARDREADER is disabled
|
---|
695 | //simple checks first:
|
---|
696 | if (!er || !rdr)
|
---|
697 | return(0);
|
---|
698 |
|
---|
699 | //reader active?
|
---|
700 | struct s_client *cl = rdr->client;
|
---|
701 | if (!cl || !rdr->enable)
|
---|
702 | return(0);
|
---|
703 |
|
---|
704 | // if physical reader a card needs to be inserted
|
---|
705 | if (!is_network_reader(rdr) && rdr->card_status != CARD_INSERTED)
|
---|
706 | return(0);
|
---|
707 |
|
---|
708 | //Checking connected & group valid:
|
---|
709 | struct s_client *cur_cl = er->client; //cur_client();
|
---|
710 |
|
---|
711 | #ifdef CS_CACHEEX
|
---|
712 | //To avoid cascading, a incoming cache request should not invoke a outgoing cache request:
|
---|
713 | if (rdr->cacheex.mode == 1 && cur_cl->auth && cur_cl->account->cacheex.mode == 1)
|
---|
714 | return (0);
|
---|
715 |
|
---|
716 | //Cacheex=3 defines a Cacheex-only reader. never match them.
|
---|
717 | if (rdr->cacheex.mode == 3)
|
---|
718 | return (0);
|
---|
719 | #endif
|
---|
720 |
|
---|
721 | if (!(rdr->grp&cur_cl->grp))
|
---|
722 | return(0);
|
---|
723 |
|
---|
724 | //Checking caids:
|
---|
725 | if ((!er->ocaid || !chk_ctab(er->ocaid, &rdr->ctab)) && !chk_ctab(er->caid, &rdr->ctab)) {
|
---|
726 | cs_debug_mask(D_TRACE, "caid %04X not found in caidlist reader %s", er->caid, rdr->label);
|
---|
727 | return 0;
|
---|
728 | }
|
---|
729 |
|
---|
730 | if (!is_network_reader(rdr) && ((rdr->caid >> 8) != ((er->caid >> 8) & 0xFF) && (rdr->caid >> 8) != ((er->ocaid >> 8) & 0xFF)))
|
---|
731 | {
|
---|
732 | int i, caid_found = 0;
|
---|
733 | for (i = 0; i < 2; i++) {
|
---|
734 | if (rdr->csystem.caids[i] == er->caid || rdr->csystem.caids[i] == er->ocaid) {
|
---|
735 | caid_found = 1;
|
---|
736 | break;
|
---|
737 | }
|
---|
738 | }
|
---|
739 | if (!caid_found)
|
---|
740 | return 0;
|
---|
741 | }
|
---|
742 |
|
---|
743 | //Supports long ecms?
|
---|
744 | if (er->ecmlen > 255 && is_network_reader(rdr) && !rdr->ph.large_ecm_support) {
|
---|
745 | cs_debug_mask(D_TRACE, "no large ecm support (l=%d) for reader %s", er->ecmlen, rdr->label);
|
---|
746 | return 0;
|
---|
747 | }
|
---|
748 |
|
---|
749 |
|
---|
750 | //Checking services:
|
---|
751 | if (!chk_srvid(rdr->client, er)) {
|
---|
752 | cs_debug_mask(D_TRACE, "service %04X not matching reader %s", er->srvid, rdr->label);
|
---|
753 | return(0);
|
---|
754 | }
|
---|
755 |
|
---|
756 | //Checking ident:
|
---|
757 | if (er->prid && !chk_rfilter(er, rdr)) {
|
---|
758 | cs_debug_mask(D_TRACE, "r-filter reader %s", rdr->label);
|
---|
759 | return(0);
|
---|
760 | }
|
---|
761 |
|
---|
762 | //Check ECM nanos:
|
---|
763 | if (!chk_class(er, &rdr->cltab, "reader", rdr->label)) {
|
---|
764 | cs_debug_mask(D_TRACE, "class filter reader %s", rdr->label);
|
---|
765 | return(0);
|
---|
766 | }
|
---|
767 |
|
---|
768 |
|
---|
769 | // CDS NL: check for right seca type
|
---|
770 | if (!is_network_reader(rdr) && er->caid == 0x100 && er->prid == 0x00006a &&
|
---|
771 | !(er->ecm[8] == 0x00 && er->ecm[9] == 0x00)) { // no empty ecm
|
---|
772 | if (er->ecm[8] == 0x00 && rdr->secatype == 2) {
|
---|
773 | cs_debug_mask(D_TRACE,"Error: this is a nagra/mediaguard3 ECM and readertype is seca2!");
|
---|
774 | return 0; // we dont send a nagra/mediaguard3 ecm to a seca2 reader!
|
---|
775 | }
|
---|
776 | if ((er->ecm[8] == 0x10) && (er->ecm[9] == 0x01) && rdr->secatype == 3){
|
---|
777 | cs_debug_mask(D_TRACE,"Error: this is a seca2 ECM and readertype is nagra/mediaguard3!");
|
---|
778 | return 0; // we dont send a seca2 ecm to a nagra/mediaguard3 reader!
|
---|
779 | }
|
---|
780 | }
|
---|
781 |
|
---|
782 | //Checking chid:
|
---|
783 | if (!chk_chid(er, &rdr->fchid, "reader", rdr->label)) {
|
---|
784 | cs_debug_mask(D_TRACE, "chid filter reader %s", rdr->label);
|
---|
785 | return(0);
|
---|
786 | }
|
---|
787 |
|
---|
788 | //Schlocke reader-defined function, reader-self-check
|
---|
789 | if (rdr->ph.c_available && !rdr->ph.c_available(rdr, AVAIL_CHECK_CONNECTED, er)) {
|
---|
790 | cs_debug_mask(D_TRACE, "reader unavailable %s", rdr->label);
|
---|
791 | return 0;
|
---|
792 | }
|
---|
793 |
|
---|
794 | //Checking entitlements:
|
---|
795 | if (ll_count(rdr->ll_entitlements) > 0) {
|
---|
796 | LL_ITER itr = ll_iter_create(rdr->ll_entitlements);
|
---|
797 | S_ENTITLEMENT *item;
|
---|
798 | int8_t found = 0;
|
---|
799 | while ((item=ll_iter_next(&itr))) {
|
---|
800 | //if (item->caid == er->caid && (!er->prid || !item->provid || item->provid == er->prid)) { //provid check causing problems?
|
---|
801 | if (item->caid == er->caid || item->caid == er->ocaid) { //... so check at least caid only
|
---|
802 | found =1;
|
---|
803 | break;
|
---|
804 | }
|
---|
805 | }
|
---|
806 | if (!found){
|
---|
807 | cs_debug_mask(D_TRACE, "entitlements check failed on reader %s", rdr->label);
|
---|
808 | return 0;
|
---|
809 | }
|
---|
810 | }
|
---|
811 |
|
---|
812 | //Checking ecmlength:
|
---|
813 | if (rdr->ecmWhitelist && er->ecmlen) {
|
---|
814 | struct s_ecmWhitelist *tmp;
|
---|
815 | struct s_ecmWhitelistIdent *tmpIdent;
|
---|
816 | struct s_ecmWhitelistLen *tmpLen;
|
---|
817 | int8_t ok = 0, foundident = 0;
|
---|
818 | for(tmp = rdr->ecmWhitelist; tmp; tmp = tmp->next){
|
---|
819 | if(tmp->caid == 0 || tmp->caid == er->caid){
|
---|
820 | for(tmpIdent = tmp->idents; tmpIdent; tmpIdent = tmpIdent->next){
|
---|
821 | if(tmpIdent->ident == 0 || tmpIdent->ident == er->prid){
|
---|
822 | foundident = 1;
|
---|
823 | for(tmpLen = tmpIdent->lengths; tmpLen; tmpLen = tmpLen->next){
|
---|
824 | if (tmpLen->len == er->ecmlen) {
|
---|
825 | ok = 1;
|
---|
826 | break;
|
---|
827 | }
|
---|
828 | }
|
---|
829 | }
|
---|
830 | }
|
---|
831 | }
|
---|
832 | }
|
---|
833 | if(foundident == 1 && ok == 0){
|
---|
834 | cs_debug_mask(D_TRACE, "ECM is not in ecmwhitelist of reader %s.",rdr->label);
|
---|
835 | rdr->ecmsfilteredlen += 1;
|
---|
836 | return(0);
|
---|
837 | }
|
---|
838 | }
|
---|
839 |
|
---|
840 | // ECM Header Check
|
---|
841 | if (rdr->ecmHeaderwhitelist && er->ecmlen) {
|
---|
842 | int8_t byteok = 0;
|
---|
843 | int8_t entryok = 0;
|
---|
844 | int8_t foundcaid = 0;
|
---|
845 | int8_t foundprovid = 0;
|
---|
846 | int16_t len = 0;
|
---|
847 | int32_t i = 0;
|
---|
848 | int8_t skip = 0;
|
---|
849 | struct s_ecmHeaderwhitelist *tmp;
|
---|
850 | for(tmp = rdr->ecmHeaderwhitelist; tmp; tmp = tmp->next){
|
---|
851 | skip = 0;
|
---|
852 | byteok = 0;
|
---|
853 | entryok = 0;
|
---|
854 | len = 0;
|
---|
855 | if (tmp->caid == 0 || tmp->caid == er->caid){
|
---|
856 | foundcaid = 1; //-> caid was in list
|
---|
857 | //rdr_debug_mask(rdr, D_READER, "Headerwhitelist: found matching CAID: %04X in list", tmp->caid);
|
---|
858 | if (tmp->provid == 0 || tmp->provid == er->prid) {
|
---|
859 | foundprovid = 1; //-> provid was in list
|
---|
860 | //rdr_debug_mask(rdr, D_READER, "Headerwhitelist: found matching Provid: %06X in list", tmp->provid);
|
---|
861 | len = tmp->len;
|
---|
862 | for (i=0; i < len/2; i++){
|
---|
863 | if (tmp->header[i] == er->ecm[i]){
|
---|
864 | byteok = 1;
|
---|
865 | //rdr_debug_mask(rdr, D_READER, "ECM Byte: %i of ECMHeaderwhitelist is correct. (%02X = %02X Headerlen: %i)", i, er->ecm[i], tmp->header[i], len/2);
|
---|
866 | }
|
---|
867 | else {
|
---|
868 | byteok = 0;
|
---|
869 | //rdr_debug_mask(rdr, D_READER, "ECM Byte: %i of ECMHeaderwhitelist is not valid. (%02X != %02X Headerlen: %i)", i, er->ecm[i], tmp->header[i], len/2);
|
---|
870 | entryok = 0;
|
---|
871 | break;
|
---|
872 | }
|
---|
873 | if (i == len/2-1 && byteok == 1){
|
---|
874 | entryok = 1;
|
---|
875 | }
|
---|
876 |
|
---|
877 | }
|
---|
878 | } else {
|
---|
879 | //rdr_debug_mask(rdr, D_READER, "ECMHeaderwhitelist: Provid: %06X not found in List-Entry -> skipping check", er->prid);
|
---|
880 | skip = 1;
|
---|
881 | continue;
|
---|
882 | }
|
---|
883 | } else {
|
---|
884 | //rdr_debug_mask(rdr, D_READER, "ECMHeaderwhitelist: CAID: %04X not found in List-Entry -> skipping check", er->caid);
|
---|
885 | skip = 1;
|
---|
886 | continue;
|
---|
887 | }
|
---|
888 | if (entryok == 1){
|
---|
889 | break;
|
---|
890 | }
|
---|
891 |
|
---|
892 | }
|
---|
893 | if (foundcaid == 1 && foundprovid == 1 && byteok == 1 && entryok == 1){
|
---|
894 | //cs_log("ECM for %04X:%06X:%04X is valid for ECMHeaderwhitelist of reader %s.", er->caid, er->prid, er->srvid, rdr->label);
|
---|
895 | } else {
|
---|
896 | if (skip == 0 || (foundcaid == 1 && foundprovid == 1 && entryok == 0 && skip == 1)) {
|
---|
897 | cs_ddump_mask(D_TRACE, er->ecm, er->ecmlen,
|
---|
898 | "following ECM %04X:%06X:%04X was filtered by ECMHeaderwhitelist of Reader %s from User %s because of not matching Header:",
|
---|
899 | er->caid, er->prid, er->srvid, rdr->label, username(er->client));
|
---|
900 | rdr->ecmsfilteredhead += 1;
|
---|
901 | return(0);
|
---|
902 | }
|
---|
903 | }
|
---|
904 | }
|
---|
905 |
|
---|
906 | //Simple ring connection check:
|
---|
907 |
|
---|
908 | //Check ip source+dest:
|
---|
909 | if (cfg.block_same_ip && IP_EQUAL(cur_cl->ip, rdr->client->ip) &&
|
---|
910 | get_module(cur_cl)->listenertype != LIS_DVBAPI &&
|
---|
911 | is_network_reader(rdr))
|
---|
912 | {
|
---|
913 | cs_debug_mask(D_TRACE, "ECMs origin %s has the same ip as reader %s, blocked!", username(cur_cl), rdr->label);
|
---|
914 | return 0;
|
---|
915 | }
|
---|
916 |
|
---|
917 | if (cfg.block_same_name && strcmp(username(cur_cl), rdr->label) == 0) {
|
---|
918 | cs_debug_mask(D_TRACE, "ECMs origin %s has the same name as reader %s, blocked!", username(cur_cl), rdr->label);
|
---|
919 | return 0;
|
---|
920 | }
|
---|
921 | #ifdef WITH_CARDREADER
|
---|
922 | cs_debug_mask(D_TRACE, "matching_reader became slot attribute of %d", slot);
|
---|
923 | if (!is_network_reader(rdr) && slot == 1) {
|
---|
924 | // just check ratelimiter & cooldown, but no srvid assignment in slot
|
---|
925 | if(ecm_ratelimit_check(rdr, er, 0) != OK) return 0; //just check ratelimiter & cooldown
|
---|
926 | }
|
---|
927 | #endif
|
---|
928 | //All checks done, reader is matching!
|
---|
929 | return(1);
|
---|
930 | }
|
---|
931 |
|
---|
932 | int32_t chk_caid(uint16_t caid, CAIDTAB *ctab)
|
---|
933 | {
|
---|
934 | int32_t n, rc;
|
---|
935 | for (rc = -1, n=0; (n < CS_MAXCAIDTAB) && (rc < 0); n++)
|
---|
936 | if ((caid & ctab->mask[n]) == ctab->caid[n])
|
---|
937 | rc = ctab->cmap[n] ? ctab->cmap[n] : caid;
|
---|
938 | return rc;
|
---|
939 | }
|
---|
940 |
|
---|
941 | int32_t chk_caid_rdr(struct s_reader *rdr,uint16_t caid) {
|
---|
942 | if (is_network_reader(rdr)) {
|
---|
943 | return 1; //reader caid is not real caid
|
---|
944 | } else if (rdr->caid==caid) {
|
---|
945 | return 1;
|
---|
946 | }
|
---|
947 | return 0;
|
---|
948 | }
|
---|
949 |
|
---|
950 | int32_t chk_bcaid(ECM_REQUEST *er, CAIDTAB *ctab)
|
---|
951 | {
|
---|
952 | int32_t caid;
|
---|
953 | caid = chk_caid(er->caid, ctab);
|
---|
954 | if (caid < 0)
|
---|
955 | return 0;
|
---|
956 | er->caid = caid;
|
---|
957 | return 1;
|
---|
958 | }
|
---|