added blocking of invalid cws/dcws for Cache-Ex.

list the fake cws in oscam.fakecws, one dcw each line.
fake cw blocking can be enabled with "cacheex_block_fakecws" in reader (ce mode 2)/account (ce mode 3) config

git-svn-id: http://streamboard.de.vu/svn/oscam/trunk@10919 4b0bc96b-bc66-0410-9d44-ebda105a78c1

globals.h

@@ -1363,6 +1363,7 @@ typedef struct ce_csp_t
 	uint8_t         allow_reforward;
 	uint8_t         drop_csp;
 	uint8_t         allow_filter;
+	uint8_t         block_fakecws;
 } CECSP;
 
 struct s_emmlen_range
@@ -1736,6 +1737,17 @@ struct s_rlimit
 	struct s_rlimit *next;
 };
 
+struct s_cw
+{
+	uint8_t cw[16];
+};
+
+struct s_fakecws
+{
+	uint32_t count;
+	struct s_cw *data;	
+};
+
 struct s_tierid
 {
 	uint16_t        tierid;
@@ -2090,6 +2102,9 @@ struct s_config
 
 	//Ratelimit list
 	struct s_rlimit *ratelimit_list;
+
+	// fake cws
+	struct s_fakecws fakecws;
 };
 
 struct s_clientinit

module-cacheex.c

@@ -625,7 +625,7 @@ static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, in
 		cs_log_dbg(D_CACHEEX, "CACHEX received, but invalid client state %s", username(cl));
 		return 0;
 	}
-
+	
 	uint8_t i, c;
 	uint8_t null = 0;
 	for(i = 0; i < 16; i += 4)
@@ -651,7 +651,6 @@ static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, in
 		return 0;
 	}
 
-
 	if(get_odd_even(er)==0){
 		cs_log_dbg(D_CACHEEX, "push received ecm with null odd/even byte from %s", csp ? "csp" : username(cl));
 		cl->cwcacheexerr++;
@@ -660,7 +659,6 @@ static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, in
 		return 0;
 	}
 
-
 	if(!chk_halfCW(er, er->cw)){
 		log_cacheex_cw(er, "bad half cw");
 
@@ -670,6 +668,18 @@ static int32_t cacheex_add_to_cache_int(struct s_client *cl, ECM_REQUEST *er, in
 		return 0;
 	}
 
+	if(!csp && ((cl->reader && cl->reader->cacheex.block_fakecws) 
+				|| (!cl->reader && cl->account && cl->account->cacheex.block_fakecws)))
+	{
+		if(chk_is_fakecw(er->cw))
+		{
+			cs_log_dbg(D_CACHEEX, "push received fake cw from %s", csp ? "csp" : username(cl));
+			cl->cwcacheexerr++;
+			if(cl->account)
+				{ cl->account->cwcacheexerr++; }
+			return 0;
+		}
+	}
 
 	er->grp |= cl->grp;  //ok for mode2 reader too: cl->reader->grp
 	er->rc = E_CACHEEX;

module-webif.c

@@ -119,7 +119,8 @@ static bool use_srvid2 = false;
 #define MNU_CFG_RATELIMIT 26
 #define MNU_CFG_FCSS 27
 #define MNU_CFG_FSRVID2 28
-#define MNU_CFG_TOTAL_ITEMS 29 // sum of items above. Use it for "All inactive" in function calls too.
+#define MNU_CFG_FFAKECWS 29
+#define MNU_CFG_TOTAL_ITEMS 30 // sum of items above. Use it for "All inactive" in function calls too.
 
 static void set_status_info_var(struct templatevars *vars, char *varname, int no_data, char *fmt, double value) {
 	if (no_data)
@@ -1903,6 +1904,7 @@ static char *send_oscam_reader_config(struct templatevars *vars, struct uriparam
 	tpl_addVar(vars, TPLADD, "DCCHECKED", (rdr->cacheex.drop_csp == 1) ? "checked" : "");
 	tpl_addVar(vars, TPLADD, "ARCHECKED", (rdr->cacheex.allow_request == 1) ? "checked" : "");
 	tpl_addVar(vars, TPLADD, "AFCHECKED", (rdr->cacheex.allow_filter == 1) ? "checked" : "");
+	tpl_addVar(vars, TPLADD, "BLOCKFAKECWSCHECKED", (rdr->cacheex.block_fakecws == 1) ? "checked" : "");
 #endif
 
 	// BoxID
@@ -3014,6 +3016,7 @@ static char *send_oscam_user_config_edit(struct templatevars *vars, struct uripa
 	tpl_addVar(vars, TPLADD, "DCCHECKED", (account->cacheex.drop_csp == 1) ? "checked" : "");
 	tpl_addVar(vars, TPLADD, "ARCHECKED", (account->cacheex.allow_request == 1) ? "checked" : "");
 	tpl_addVar(vars, TPLADD, "AFCHECKED", (account->cacheex.allow_filter == 1) ? "checked" : "");
+	tpl_addVar(vars, TPLADD, "BLOCKFAKECWSCHECKED", (account->cacheex.block_fakecws == 1) ? "checked" : "");
 	tpl_addVar(vars, TPLADD, "NWTCHECKED", (account->no_wait_time == 1) ? "checked" : "");
 
 #endif
@@ -5938,6 +5941,7 @@ static char *send_oscam_files(struct templatevars * vars, struct uriparams * par
 #ifdef HAVE_DVBAPI
 		{ "oscam.dvbapi",    MNU_CFG_FDVBAPI,   FTYPE_CONFIG },
 #endif
+		{ "oscam.fakecws",   MNU_CFG_FFAKECWS,  FTYPE_CONFIG },
 #ifdef CS_ANTICASC
 		{ "anticasc",        MNU_CFG_FACLOG,    FTYPE_ANTICASC },
 #endif
@@ -6084,6 +6088,9 @@ static char *send_oscam_files(struct templatevars * vars, struct uriparams * par
 					case MNU_CFG_WHITELIST:
 						global_whitelist_read();
 						break;
+					case MNU_CFG_FFAKECWS:
+						init_fakecws();
+						break;
 					default:
 						break;
 					}

oscam-chk.c

@@ -5,6 +5,7 @@
 #include "oscam-chk.h"
 #include "oscam-ecm.h"
 #include "oscam-client.h"
+#include "oscam-lock.h"
 #include "oscam-net.h"
 #include "oscam-string.h"
 #include "module-stat.h"
@@ -1090,3 +1091,22 @@ uint16_t caidvaluetab_get_value(CAIDVALUETAB *cv, uint16_t caid, uint16_t defaul
 	}
 	return default_value;
 }
+
+
+int32_t chk_is_fakecw(uint8_t *cw)
+{
+	uint32_t i, is_fakecw = 0;
+
+	cs_readlock(__func__, &config_lock);
+	for(i=0; i<cfg.fakecws.count; i++)
+	{
+		if(memcmp(cw, cfg.fakecws.data[i].cw, 16) == 0)
+		{
+			is_fakecw = 1;
+			break;
+		}	
+	}
+	cs_readunlock(__func__, &config_lock);
+
+	return is_fakecw;
+}

oscam-chk.h

@@ -37,5 +37,6 @@ int8_t chk_halfCW(ECM_REQUEST *er, uchar *cw);
 int32_t chk_is_null_nodeid(uint8_t node_id[], uint8_t len);
 bool check_client(struct s_client *cl);
 uint16_t caidvaluetab_get_value(CAIDVALUETAB *cv, uint16_t caid, uint16_t default_value);
+int32_t chk_is_fakecw(uint8_t *cw);
 
 #endif

oscam-config-account.c

@@ -371,6 +371,7 @@ static const struct config_list account_opts[] =
 	DEF_OPT_UINT8("cacheex_allow_request"   , OFS(cacheex.allow_request),   0),
 	DEF_OPT_UINT8("no_wait_time"        , OFS(no_wait_time),            0),
 	DEF_OPT_UINT8("cacheex_allow_filter", OFS(cacheex.allow_filter),    1),	
+	DEF_OPT_UINT8("cacheex_block_fakecws",OFS(cacheex.block_fakecws),   0),	
 #endif
 #ifdef MODULE_CCCAM
 	DEF_OPT_INT32("cccmaxhops"          , OFS(cccmaxhops),              DEFAULT_CC_MAXHOPS),

oscam-config-reader.c

@@ -806,7 +806,8 @@ static const struct config_list reader_opts[] =
 	DEF_OPT_FUNC("cacheex_ecm_filter"       , OFS(cacheex.filter_caidtab),  cacheex_hitvaluetab_fn),
 	DEF_OPT_UINT8("cacheex_allow_request"   , OFS(cacheex.allow_request),   0),
 	DEF_OPT_UINT8("cacheex_drop_csp"        , OFS(cacheex.drop_csp),        0),
-	DEF_OPT_UINT8("cacheex_allow_filter", OFS(cacheex.allow_filter),    1),	
+	DEF_OPT_UINT8("cacheex_allow_filter", OFS(cacheex.allow_filter),    1),
+	DEF_OPT_UINT8("cacheex_block_fakecws",OFS(cacheex.block_fakecws),   0),
 #endif
 	DEF_OPT_FUNC("caid"                 , OFS(ctab),                    reader_caid_fn),
 	DEF_OPT_FUNC("atr"                  , 0,                            atr_fn),

oscam-config.c

@@ -22,6 +22,7 @@ extern uint16_t len4caid[256];
 #define cs_sidt             "oscam.services"
 #define cs_whitelist        "oscam.whitelist"
 #define cs_provid           "oscam.provid"
+#define cs_fakecws          "oscam.fakecws"
 
 uint32_t cfg_sidtab_generation = 1;
 
@@ -706,6 +707,99 @@ int32_t init_srvid(void)
 	return (0);
 }
 
+int32_t init_fakecws(void)
+{
+	int32_t nr = 0, alloccount = 0, i;
+	char *token, cw_string[64]; 
+	uint8_t cw[16], wrong_checksum, c;
+	FILE *fp;
+
+	cs_writelock(__func__, &config_lock);
+	cfg.fakecws.count = 0;
+	NULLFREE(cfg.fakecws.data);
+	cs_writeunlock(__func__, &config_lock);
+
+	fp = open_config_file(cs_fakecws);
+	if(!fp)
+		{ return 0; }
+
+	if(!cs_malloc(&token, MAXLINESIZE))
+		{ return 0; }
+
+	while(fgets(token, MAXLINESIZE, fp))
+	{
+		if(sscanf(token, " %62s ", cw_string) == 1)
+		{
+			if(strlen(cw_string) == 32)
+			{
+				alloccount++;
+			}
+			else
+			{
+				cs_log("skipping fake cw %s because of wrong length (%d != 32)!", cw_string, strlen(cw_string));
+			}
+		}
+	} 
+
+	if(alloccount < 1 || !cs_malloc(&cfg.fakecws.data, sizeof(struct s_cw)*alloccount))
+	{
+		NULLFREE(token);
+		fclose(fp);
+		return 0;
+	}
+
+	fseek(fp, 0, SEEK_SET);
+
+	while(fgets(token, MAXLINESIZE, fp) && nr < alloccount)
+	{
+		if(sscanf(token, " %62s ", cw_string) == 1)
+		{
+			if(strlen(cw_string) == 32)
+			{
+				if(cs_atob(cw, cw_string, 16) == 16)
+				{
+					wrong_checksum = 0;
+
+					for(i = 0; i < 16; i += 4)
+					{
+						c = ((cw[i] + cw[i + 1] + cw[i + 2]) & 0xff);
+						if(cw[i + 3] != c)
+						{
+							wrong_checksum = 1;
+						}
+					}
+
+					if(wrong_checksum)
+					{
+						cs_log("skipping fake cw %s because of wrong checksum!", cw_string);
+					}
+					else
+					{
+						memcpy(cfg.fakecws.data[nr].cw, cw, 16);
+						nr++;
+					}
+				}
+				else
+				{
+					cs_log("skipping fake cw %s because it contains invalid characters!", cw_string);
+				}
+			}
+		}
+	}
+
+	NULLFREE(token);
+	fclose(fp);
+
+	if(nr > 0)
+		{ cs_log("%d fakecws's loaded", nr); }
+
+	cs_writelock(__func__, &config_lock);
+	cfg.fakecws.count = nr;
+	cs_writeunlock(__func__, &config_lock);
+
+	return 0;
+}
+
 static struct s_rlimit *ratelimit_read_int(void)
 {
 	FILE *fp = open_config_file(cs_ratelimit);

oscam-config.h

@@ -36,6 +36,7 @@ void ratelimit_read(void);
 int32_t init_provid(void);
 int32_t init_srvid(void);
 int32_t init_tierid(void);
+int32_t init_fakecws(void);
 void    init_len4caid(void);
 
 /* Shared parser functions */

oscam.c

@@ -665,6 +665,7 @@ static void cs_reload_config(void)
 	init_provid();
 	init_srvid();
 	init_tierid();
+	init_fakecws();
 	ac_init_stat();
 	cs_reopen_log(); // FIXME: aclog.log, emm logs, cw logs (?)
 
@@ -1754,6 +1755,7 @@ int32_t main(int32_t argc, char *argv[])
 	init_provid();
 	init_srvid();
 	init_tierid();
+	init_fakecws();
 
 	start_garbage_collector(gbdb);
 

webif/files/menu.html

@@ -10,14 +10,15 @@
 ##TPLFILEMENUANTICASC##
 		<LI CLASS="##CMENUACTIVE20##"><A HREF="files.html?file=logfile">logfile</A></LI>
 		<LI CLASS="##CMENUACTIVE21##"><A HREF="files.html?file=userfile">userfile</A></LI>
-		<LI CLASS="##CMENUACTIVE16## ##CMENUACTIVE28## ##CMENUACTIVE19## ##CMENUACTIVE25## ##CMENUACTIVE26## ##CMENUACTIVE27##"><A HREF="#"  class="drop">other file<b class="subcaret"></b></A>
+		<LI CLASS="##CMENUACTIVE16## ##CMENUACTIVE19## ##CMENUACTIVE25## ##CMENUACTIVE26## ##CMENUACTIVE27## ##CMENUACTIVE28## ##CMENUACTIVE29##"><A HREF="#"  class="drop">other file<b class="subcaret"></b></A>
 			<UL CLASS="dropdown_nav">
 				<LI CLASS="##CMENUACTIVE16##"><A HREF="files.html?file=oscam.services">oscam.services</A></LI>
 				<LI CLASS="##CMENUACTIVE19##"><A HREF="files.html?file=oscam.tiers">oscam.tiers</A></LI>
 				<LI CLASS="##CMENUACTIVE25##"><A HREF="files.html?file=oscam.whitelist">oscam.whitelist</A></LI>
 				<LI CLASS="##CMENUACTIVE26##"><A HREF="files.html?file=oscam.ratelimit">oscam.ratelimit</A></LI>
+				##FILEEDITCSS_SHOW##
 				<LI CLASS="##CMENUACTIVE28##"><A HREF="files.html?file=##SRVIDSUB##">##SRVIDSUB##</A></LI>
-                ##FILEEDITCSS_SHOW##
+				<LI CLASS="##CMENUACTIVE29##"><A HREF="files.html?file=oscam.fakecws">oscam.fakecws</A></LI>
 			</UL>
 		</LI>
 	</UL>

webif/readerconfig/readerconfig_cacheexbit.html

@@ -21,3 +21,12 @@
 						</TABLE>
 					</TD>
 				</TR>
+				<TR><TD><A>Block fake cws:</A></TD>
+					<TD CLASS="invisible">
+						<TABLE>
+							<TR>
+								<TD><input name="cacheex_block_fakecws" value="0" type="hidden"><input name="cacheex_block_fakecws" value="1" type="checkbox" ##BLOCKFAKECWSCHECKED##></TD>
+							</TR>
+						</TABLE>
+					</TD>
+				</TR>

webif/user_edit/user_edit_cacheexbit.html

@@ -22,3 +22,12 @@
 						</TABLE>
 					</TD>
 				</TR>
+				<TR><TD><A>Block fake cws:</A></TD>
+					<TD CLASS="invisible">
+						<TABLE>
+							<TR>
+								<TD><input name="cacheex_block_fakecws" value="0" type="hidden"><input name="cacheex_block_fakecws" value="1" type="checkbox" ##BLOCKFAKECWSCHECKED##></TD>
+							</TR>
+						</TABLE>
+					</TD>
+				</TR>