From 44bf308701fff3bcfae02c7fa05bf0508d006a9f Mon Sep 17 00:00:00 2001 From: Julien BLACHE Date: Sat, 30 Jan 2010 13:04:17 +0100 Subject: [PATCH] Waive HTTP authentication on the library for Remote DAAP queries from Remote won't need HTTP authentication as they all require a valid session-id; Remote can only obtain a valid session-id if its pairing-guid is known to us (it did pair successfully with us). --- src/httpd_daap.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/httpd_daap.c b/src/httpd_daap.c index 51feb2a1..86c02875 100644 --- a/src/httpd_daap.c +++ b/src/httpd_daap.c @@ -2128,6 +2128,7 @@ daap_request(struct evhttp_request *req) char *uri_parts[7]; struct evbuffer *evbuf; struct evkeyvalq query; + const char *ua; cfg_t *lib; char *libname; char *passwd; @@ -2218,6 +2219,15 @@ daap_request(struct evhttp_request *req) || (strncmp(uri, "/databases/1/items/", strlen("/databases/1/items/")) == 0)) passwd = NULL; + /* Waive HTTP authentication for Remote + * Remotes are authentified by their pairing-guid; DAAP queries require a + * valid session-id that Remote can only obtain if its pairing-guid is in + * our database. So HTTP authentication is waived for Remote. + */ + ua = evhttp_find_header(req->input_headers, "User-Agent"); + if ((ua) && (strncmp(ua, "Remote", strlen("Remote")) == 0)) + passwd = NULL; + if (passwd) { libname = cfg_getstr(lib, "name");