Andre Noll [Sat, 4 Jul 2009 13:52:39 +0000 (15:52 +0200)]
Revamp status item handling.
This patch changes the way the status items are printed and parsed.
The new parser-friendly format is used internally and, as a side
effect, is also available as an new listing mode for the ls command
and for the stat commands of both para_server and para_audiod.
With the new format, each status item is prefixed by its size, and the
status item identifier is printed as a numerical value. This simplifies
the parsing code in para_audiod/para_gui a bit and should make it
perform better as the status items do not have to be looked up by name.
More importantly, the new format gets rid of the restriction that
status items should not contain newline characters because the parser
knows in advance how much it has to read to get the complete item. This
restriction became a real problem as more and more audio files contain
(version 2 id3) tags that contain much more than a single line. For
example the linux podcast mp3 files contain the full content of the
podcast as text in the command tag.
Gerrit Renker [Tue, 30 Jun 2009 08:20:19 +0000 (10:20 +0200)]
Support netmask subsets
This allows to specify sets of addresses which are defined by sharing
the least-common netmask value.
For example, if the allow list contains the following addresses:
10.0.0.2/24 10.0.0.2/32
then the second address is redundant since it is already included
via the first one. The least-common netmask value is 24; with this
patch a command like
Andre Noll [Mon, 29 Jun 2009 17:34:24 +0000 (19:34 +0200)]
Obtain afs status items directly from afs.
This patch changes the way how the afs status items are passed from afs to the stat
command handler. Previously, afs passed the status item string to the server process
whenever a new audio file was loaded. The server process stored the string in the mmd
shared memory area from which it was available to the client process that executed the
stat command.
This approach has the disadvantage that the size of the string must be restricted to a
fixed number of bytes, VERBOSE_LS_OUTPUT_SIZE, determined at compile time and
independent of the audio file. As version 2 id3 tags and vorbis comments do not impose
an upper bound on the size of the tags a rather ugly patch was merged recently to the master
branch which truncated the size of the tags if it exceeded VERBOSE_LS_OUTPUT_SIZE.
This patch gets rid of this restriction by not storing the info string in the mmd structure. Instead,
the stat command requests the information directly from the afs process via the callback
mechanism which is also used by other afs commands.
Andre Noll [Fri, 26 Jun 2009 18:54:55 +0000 (20:54 +0200)]
Major audio format handler cleanups.
The main change is the replacement of afhi->taginfo by more specific
fields: This patch adds struct taginfo to the audio format handler
info struct.
The prefix is no longer stored inside the osl database, i.e. it is
no longer duplicated for each audio file.
The tag information is only stored in memory as a dynamically allocated
string if it is new, i.e. if the struct was generated by the audio format
handler. If it was retrieved from the database, pointers to the memory
mapped table are used instead.
The crappy fixup_info_string() function is gone. It was too ugly to live.
Of course, this re-introduces the bug it fixed, but as we broke the
on disk format with this patch anyway, we might as well fix it right(TM).
This will be done in a subsequent patch.
afhi->eof_tv is gone as well. It was not useful at all.
Andre Noll [Sun, 21 Jun 2009 18:55:07 +0000 (20:55 +0200)]
Stronger crypto for client authentication.
This patch changes the way clients are authenticated:
- The size of the challenge has been increased from sizeof(unsigned long)
to 64. Openssl's Rand_bytes() is used to get the random buffer for the
challenge and the rc4 keys.
- The client responds with the sha1 hash of the challenge rather than
sending back the decrypted challenge in plain text.
- The rc4 keys are now 2 x 32 bytes long. They are rsa encrypted and
sent together with the challenge.
- Authentication requests for invalid users are not immediatedly denied
as this would reveal the fact that the user does not exist.
- rsa keys are required to be at least 2048 bits long.
Andre Noll [Sun, 14 Jun 2009 20:50:11 +0000 (22:50 +0200)]
Make rc4 encryption/decryption more explicit.
The old code used a rather fancy way to (de)activate encryption on
a per fd basis: In net.c there was an array of rc4 keys, indexed by fd.
This is rather wastful because the array size is determined by the
highest fd for which encryption is activated.
It's also hard to comprehend and it's easy to get strange results if
one forgets to deactivate the encryption after the fd is closed.
This patch introduces a new structure, rc4_context, which consists of
an fd and the needed rc4 keys. Users explicitly call the new rc4 variants
of the receving/sending functions which take a pointer to a struct
rc4_context instead of a file descriptor but are otherwise identical.
Andre Noll [Wed, 27 May 2009 17:16:54 +0000 (19:16 +0200)]
Truncate overlong tag info and replace newlines by spaces.
The tag info which is computed by the audio format handlers and stored
in the audio file table is read into a fixed-size buffer by the audio
file selector in open_and_update_audio_file(), passed to the server
process and then sent to the client via the stat command. It is not
interpreted at all during this process. In particular, it is not
essential for correctly streaming the audio file.
Vorbis comments and id3v2 tags have no size limit and may contain
arbitrary data which may lead to the following twi problems:
- As noted by Gerrit Renker, if the tag info is too long
to fit into the fixed-size buffer, the current code skips
the audio file and removes it from the list of currently
admissible files. So para_server fails to stream such files.
- If the tag info contains newlines, these are included
verbatim in the status output which may confuse para_audiod.
This patch truncates the tag info string if it does not fit into the
4K buffer and replaces newlines by spaces. This is a bit ugly but
avoids both of the above problems. It's still possible to retrieve
the complete tag info via the "ls -lv" command.
Andre Noll [Sun, 10 May 2009 19:31:13 +0000 (21:31 +0200)]
rbtree: Add const qualifier to some functions.
The 'rb_first()', 'rb_last()', 'rb_next()' and 'rb_prev()' calls take a pointer
to an RB node or RB root. They do not change the pointed objects, so add a
'const' qualifier.
Andre Noll [Sun, 10 May 2009 15:40:42 +0000 (17:40 +0200)]
filter: Force a minimal select timeout if something was converted.
When filter_preselect() runs. other pre_select functions might have
already been called and decided to do nothing, e.g. because their
output buffer was full or the input buffer was empty.
If this call to filter_preselect() changed any of the involved buffers,
we want those other pre_select() functions to be called ASAP. So force
a minimal timeout for the next select call to avoid unnecessary delays.
Andre Noll [Sun, 10 May 2009 13:28:13 +0000 (15:28 +0200)]
mp3dec: Try harder to recover from non-fatal errors.
If there's still data left, try to decode the next header in the
same scheduler run. This avoids unnecessary copies of large parts
of the mp3 input buffer.
Andre Noll [Sun, 10 May 2009 12:11:38 +0000 (14:11 +0200)]
audiod: Properly handle wng open failures.
If opening the writer node group fails, no task is being registered to the
scheduler although a task structure is allocated. This makes audiod think
everything is fine until the output buffer of the receiver or a filter is
filled up which may take several seconds.
Fix this flaw by setting the error field of the wng to -E_TASK_UNREGISTERED.
This causes audiod to close the receiver node and the filter chain and to
clear the affected slot.
Andre Noll [Mon, 4 May 2009 11:34:16 +0000 (13:34 +0200)]
Fix compilation on FreeBSD.
Without these two includes, compilation fails on FreeBSD with
/usr/include/net/if.h:265: error: field `ifru_addr' has incomplete type
/usr/include/net/if.h:266: error: field `ifru_dstaddr' has incomplete type
/usr/include/net/if.h:267: error: field `ifru_broadaddr' has incomplete type
/usr/include/net/if.h:299: error: field `ifra_addr' has incomplete type
/usr/include/net/if.h:300: error: field `ifra_broadaddr' has incomplete type
/usr/include/net/if.h:301: error: field `ifra_mask' has incomplete type
/usr/include/net/if.h:368: error: field `addr' has incomplete type
/usr/include/net/if.h:369: error: field `dstaddr' has incomplete type
Andre Noll [Mon, 4 May 2009 11:12:17 +0000 (13:12 +0200)]
Fix two gcc warnings.
mp3_afh.c:420: warning: comparison of distinct pointer types lacks a cast
alsa_write.c:119: warning: format '%zu' expects type 'size_t', but argument 4 has type 'int'
Andre Noll [Sun, 3 May 2009 16:11:22 +0000 (18:11 +0200)]
Alsa fixes and cleanups.
This patch
- replaces the unused E_SND_PCM_INFO error by E_PHYSICAL_WIDTH,
- checks the return value of snd_pcm_format_physical_width() and returns
-E_PHYSICAL_WIDTH if this causes bytes_per_frame being non-positive,
- introduces an upper bound for the start threshold. Without that
change, playback could be delayed by several seconds on some alsa
configurations (problem pointed out by Johannes Wörner, thanks).
- does not return early on input errors which could cause the last
part of the audio stream being skipped.
- avoids calling snd_pcm_writei() with a frame count of zero which
could happen with the old code in case there's more than zero but
less than a full frame of audio data available.
- cleans up the documentation of struct private_alsa_write_data
Currently, filters must not change their output buffer on the fly
because the writer might already have a reference to the old buffer
and keeps using this buffer.
As dealing with changing output buffers requires much more work,
including changes to the generic filter and writer code, let's defer
this change to post 0.3.4.
Andre Noll [Sun, 26 Apr 2009 17:45:59 +0000 (19:45 +0200)]
Avoid dirty afs tables on shutdown.
The server process must wait for afs because afs catches SIGINT/SIGTERM
and may thus not respond immediately to these SIGNALS.
Before reacting to the signal, afs might want to use the shared memory
area and the mmd mutex. If the server process destroys this mutex
too early and afs tries to lock the shared memory area, the call to
mutex_lock() will fail and terminate the afs process. This leads to
dirty osl tables.
There's no such problem with the other children of the server process
(the command handlers) as these reset their SIGINT/SIGTERM handlers
to the default action, i.e. these processes get killed immediately
by the above kill().
Andre Noll [Sun, 26 Apr 2009 16:08:13 +0000 (18:08 +0200)]
Fix an invalid free() in command handlers.
The chunk table and the info_string are pointers located in the mmd
struct that point to dynamically allocated memory that must be freed
by the parent and the child. However, as the mmd struct is in a shared
memory area, there's no guarantee that after the fork these pointers
are still valid in child context. As these two pointers are not used
in the child anyway, we save them to local variables and free the
memory via that copy in the child.
Andre Noll [Sat, 25 Apr 2009 13:17:58 +0000 (15:17 +0200)]
[net]: Fix buffer overflow in send_cred_buffer().
As pointed out by Johannes Wörner, para_audioc crashes on recent
Ubuntu systems due to stack smashing. This is caused by writing past
the end of the control buffer which stores the message header and
the socket credentials.
This patch fixes the bug by allocating a properly sized buffer.
Andre Noll [Thu, 23 Apr 2009 15:18:03 +0000 (17:18 +0200)]
[udp_send] Refuse to stream files with invalid chunk tables.
If an audio file contains a chunk so large that even the maximal
possible number of slices is not sufficient to put this chunk into
a single FEC group, we must refuse to send this file. It's likely a
corrupt file anyway.
The old code in num_slices() was buggy as it returned the number of
slices needed to send the file as an uint8_t, so the return value
was actually the number of needed slices mod 256. This could trigger
the assert() in setup_next_fec_group() which checks that the group
contains at least one chunk.
This patch changes num_slices() to detect this situation more
reliably. As it is likely caused by a bad audio file rather than by a
networking problem, we do _not_ kick the fec client, but deactivate
it for the current file only. This requires the new "error" member
of struct fec_client which indicates a temporarily disabled fec client.
Andre Noll [Thu, 23 Apr 2009 11:39:04 +0000 (13:39 +0200)]
[mp3_afh]: Ignore junk at the end of an mp3 file.
There are mp3 files containing large areas of zeros at the end of the
file. The old code in mp3_afh.c would include these zeros in the last
chunk of the file.
This leads to unnecessary network traffic as including this area in
a chunk means that useless data is going to be sent to the client.
More importantly, it causes the udp sender to bail out because such
large chunks can not be fec-encoded, even with the maximal number
of slices.
This patch uses frame_start+frame_length instead of the file size as
the end of the last chunk which avoids this particular problem.
Andre Noll [Mon, 6 Apr 2009 16:41:37 +0000 (18:41 +0200)]
Use para_sigaction() in command handlers.
This allows to get rid of an ugly hack for solaris. The patch also adds checks
for whether the signals were reset sucessfully in the command handler and
aborts early on errors.
Andre Noll [Mon, 6 Apr 2009 15:53:46 +0000 (17:53 +0200)]
Introduce para_sigaction().
This wrapper for sigaction() is public and may be used to setup
a handler different from the generic handler that gets installed
for the signal by para_install_sighandler().
Andre Noll [Mon, 6 Apr 2009 15:45:44 +0000 (17:45 +0200)]
signal: Switch from signal() to sigaction.
Use of signal() should be avoided because the behavior of signal() varies
across Unix versions, and has also varied historically across different
versions of Linux.
This patch rewrites para_install_sighandler so that it calls sigaction()
instead of signal(). The implementation is taken from good old APUE.
There are a couple of other users of signal() in the paraslash code. Most
of which are OK because they use signal() only to ignore/reset a signal which
happens to be the only portable use of signal(). All other users of signal()
have to be converted in subsequent patches.
Andre Noll [Sat, 21 Mar 2009 16:46:43 +0000 (17:46 +0100)]
server: Use a temporary SIGCHLD handler to catch afs init failures.
If afs dies immediately on startup (because of dirty tables) para_server
would not notice as the SIGCHLD handler is being intalled after the
call to afs_init().