MyFavMirrors/owntone-server
1
0
Fork 0
mirror of https://github.com/owntone/owntone-server.git synced 2025-10-30 00:05:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

[daap] Fix missing prompt for library password for non-remote DAAP clients (fixes #594)

Browse Source
This commit is contained in:
ejurgensen 2018-09-30 22:39:53 +02:00
parent b54c9ff1c6
commit 75743bea80
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/httpd_daap.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2016-2017 Espen Jürgensen <espenjurgensen@gmail.com>
* Copyright (C) 2016-2018 Espen Jürgensen <espenjurgensen@gmail.com>
* Copyright (C) 2009-2011 Julien BLACHE <jb@jblache.org>
* Copyright (C) 2010 Kai Elwert <elwertk@googlemail.com>
*
@ -718,10 +718,17 @@ daap_request_authorize(struct httpd_request *hreq)
if (peer_address_is_trusted(hreq->peer_address))
return 0;
// Regular DAAP clients like iTunes will login with /login, and we will reply
// with httpd_basic_auth() if a library password is set. Remote clients will
// also call /login, but they should not get a httpd_basic_auth(), instead
// daap_reply_login() will take care of auth.
if (session->is_remote && (strcmp(hreq->uri_parsed->path, "/login") == 0))
return 0;
param = evhttp_find_header(hreq->query, "session-id");
if (param)
{
if (!session)
if (session->id == 0)
{
DPRINTF(E_LOG, L_DAAP, "Unauthorized request from '%s', DAAP session not found: '%s'\n", hreq->peer_address, hreq->uri_parsed->uri);
return -1;
@ -737,7 +744,6 @@ daap_request_authorize(struct httpd_request *hreq)
// If no valid session then we may need to authenticate
if ((strcmp(hreq->uri_parsed->path, "/server-info") == 0)
|| (strcmp(hreq->uri_parsed->path, "/login") == 0)
|| (strcmp(hreq->uri_parsed->path, "/logout") == 0)
|| (strcmp(hreq->uri_parsed->path, "/content-codes") == 0)
|| (strncmp(hreq->uri_parsed->path, "/databases/1/items/", strlen("/databases/1/items/")) == 0))
@ -1004,7 +1010,7 @@ daap_reply_update(struct httpd_request *hreq)
DPRINTF(E_DBG, L_DAAP, "Missing revision-number in client update request\n");
/* Some players (Amarok, Banshee) don't supply a revision number.
They get a standard update of everything. */
param = "1"; /* Default to "1" will insure update */
param = "1"; /* Default to "1" will ensure an update */
}
ret = safe_atoi32(param, &reqd_rev);
@ -2258,14 +2264,6 @@ daap_request(struct evhttp_request *req, struct httpd_uri_parsed *uri_parsed)
hreq->extra_data = daap_session_get(id);
}
ret = daap_request_authorize(hreq);
if (ret < 0)
{
httpd_send_error(req, 403, "Forbidden");
free(hreq);
return;
}
// Create an ad-hoc session, which is a way of passing is_remote to the handler, even though no real session exists
if (!hreq->extra_data)
{
@ -2274,6 +2272,14 @@ daap_request(struct evhttp_request *req, struct httpd_uri_parsed *uri_parsed)
hreq->extra_data = &session;
}
ret = daap_request_authorize(hreq);
if (ret < 0)
{
httpd_send_error(req, 403, "Forbidden");
free(hreq);
return;
}
// Set reply headers
headers = evhttp_request_get_output_headers(req);
evhttp_add_header(headers, "Accept-Ranges", "bytes");