|  |  | @@ -22,6 +22,9 @@ | 
		
	
		
			
			|  |  |  | #include "httpauth.h" | 
		
	
		
			
			|  |  |  | #include "libavutil/base64.h" | 
		
	
		
			
			|  |  |  | #include "libavutil/avstring.h" | 
		
	
		
			
			|  |  |  | #include "internal.h" | 
		
	
		
			
			|  |  |  | #include "libavutil/random_seed.h" | 
		
	
		
			
			|  |  |  | #include "libavutil/md5.h" | 
		
	
		
			
			|  |  |  | #include "avformat.h" | 
		
	
		
			
			|  |  |  | #include <ctype.h> | 
		
	
		
			
			|  |  |  | 
 | 
		
	
	
		
			
				|  |  | @@ -90,6 +93,53 @@ static void handle_basic_params(HTTPAuthState *state, const char *key, | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | static void handle_digest_params(HTTPAuthState *state, const char *key, | 
		
	
		
			
			|  |  |  | int key_len, char **dest, int *dest_len) | 
		
	
		
			
			|  |  |  | { | 
		
	
		
			
			|  |  |  | DigestParams *digest = &state->digest_params; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (!strncmp(key, "realm=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        state->realm; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(state->realm); | 
		
	
		
			
			|  |  |  | } else if (!strncmp(key, "nonce=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        digest->nonce; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(digest->nonce); | 
		
	
		
			
			|  |  |  | } else if (!strncmp(key, "opaque=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        digest->opaque; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(digest->opaque); | 
		
	
		
			
			|  |  |  | } else if (!strncmp(key, "algorithm=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        digest->algorithm; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(digest->algorithm); | 
		
	
		
			
			|  |  |  | } else if (!strncmp(key, "qop=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        digest->qop; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(digest->qop); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | static void handle_digest_update(HTTPAuthState *state, const char *key, | 
		
	
		
			
			|  |  |  | int key_len, char **dest, int *dest_len) | 
		
	
		
			
			|  |  |  | { | 
		
	
		
			
			|  |  |  | DigestParams *digest = &state->digest_params; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (!strncmp(key, "nextnonce=", key_len)) { | 
		
	
		
			
			|  |  |  | *dest     =        digest->nonce; | 
		
	
		
			
			|  |  |  | *dest_len = sizeof(digest->nonce); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | static void choose_qop(char *qop, int size) | 
		
	
		
			
			|  |  |  | { | 
		
	
		
			
			|  |  |  | char *ptr = strstr(qop, "auth"); | 
		
	
		
			
			|  |  |  | char *end = ptr + strlen("auth"); | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (ptr && (!*end || isspace(*end) || *end == ',') && | 
		
	
		
			
			|  |  |  | (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) { | 
		
	
		
			
			|  |  |  | av_strlcpy(qop, "auth", size); | 
		
	
		
			
			|  |  |  | } else { | 
		
	
		
			
			|  |  |  | qop[0] = 0; | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, | 
		
	
		
			
			|  |  |  | const char *value) | 
		
	
		
			
			|  |  |  | { | 
		
	
	
		
			
				|  |  | @@ -103,8 +153,139 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, | 
		
	
		
			
			|  |  |  | state->auth_type = HTTP_AUTH_BASIC; | 
		
	
		
			
			|  |  |  | state->realm[0] = 0; | 
		
	
		
			
			|  |  |  | parse_key_value(p, handle_basic_params, state); | 
		
	
		
			
			|  |  |  | } else if (av_stristart(value, "Digest ", &p) && | 
		
	
		
			
			|  |  |  | state->auth_type <= HTTP_AUTH_DIGEST) { | 
		
	
		
			
			|  |  |  | state->auth_type = HTTP_AUTH_DIGEST; | 
		
	
		
			
			|  |  |  | memset(&state->digest_params, 0, sizeof(DigestParams)); | 
		
	
		
			
			|  |  |  | state->realm[0] = 0; | 
		
	
		
			
			|  |  |  | parse_key_value(p, handle_digest_params, state); | 
		
	
		
			
			|  |  |  | choose_qop(state->digest_params.qop, | 
		
	
		
			
			|  |  |  | sizeof(state->digest_params.qop)); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } else if (!strcmp(key, "Authentication-Info")) { | 
		
	
		
			
			|  |  |  | parse_key_value(value, handle_digest_update, state); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | static void update_md5_strings(struct AVMD5 *md5ctx, ...) | 
		
	
		
			
			|  |  |  | { | 
		
	
		
			
			|  |  |  | va_list vl; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | va_start(vl, md5ctx); | 
		
	
		
			
			|  |  |  | while (1) { | 
		
	
		
			
			|  |  |  | const char* str = va_arg(vl, const char*); | 
		
	
		
			
			|  |  |  | if (!str) | 
		
	
		
			
			|  |  |  | break; | 
		
	
		
			
			|  |  |  | av_md5_update(md5ctx, str, strlen(str)); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | va_end(vl); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | /* Generate a digest reply, according to RFC 2617. */ | 
		
	
		
			
			|  |  |  | static char *make_digest_auth(HTTPAuthState *state, const char *username, | 
		
	
		
			
			|  |  |  | const char *password, const char *uri, | 
		
	
		
			
			|  |  |  | const char *method) | 
		
	
		
			
			|  |  |  | { | 
		
	
		
			
			|  |  |  | DigestParams *digest = &state->digest_params; | 
		
	
		
			
			|  |  |  | int len; | 
		
	
		
			
			|  |  |  | uint32_t cnonce_buf[2]; | 
		
	
		
			
			|  |  |  | char cnonce[9]; | 
		
	
		
			
			|  |  |  | char nc[9]; | 
		
	
		
			
			|  |  |  | int i; | 
		
	
		
			
			|  |  |  | char A1hash[33], A2hash[33], response[33]; | 
		
	
		
			
			|  |  |  | struct AVMD5 *md5ctx; | 
		
	
		
			
			|  |  |  | uint8_t hash[16]; | 
		
	
		
			
			|  |  |  | char *authstr; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | digest->nc++; | 
		
	
		
			
			|  |  |  | snprintf(nc, sizeof(nc), "%08x", digest->nc); | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | /* Generate a client nonce. */ | 
		
	
		
			
			|  |  |  | for (i = 0; i < 2; i++) | 
		
	
		
			
			|  |  |  | cnonce_buf[i] = ff_random_get_seed(); | 
		
	
		
			
			|  |  |  | ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1); | 
		
	
		
			
			|  |  |  | cnonce[2*sizeof(cnonce_buf)] = 0; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | md5ctx = av_malloc(av_md5_size); | 
		
	
		
			
			|  |  |  | if (!md5ctx) | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | av_md5_init(md5ctx); | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL); | 
		
	
		
			
			|  |  |  | av_md5_final(md5ctx, hash); | 
		
	
		
			
			|  |  |  | ff_data_to_hex(A1hash, hash, 16, 1); | 
		
	
		
			
			|  |  |  | A1hash[32] = 0; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) { | 
		
	
		
			
			|  |  |  | } else if (!strcmp(digest->algorithm, "MD5-sess")) { | 
		
	
		
			
			|  |  |  | av_md5_init(md5ctx); | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL); | 
		
	
		
			
			|  |  |  | av_md5_final(md5ctx, hash); | 
		
	
		
			
			|  |  |  | ff_data_to_hex(A1hash, hash, 16, 1); | 
		
	
		
			
			|  |  |  | A1hash[32] = 0; | 
		
	
		
			
			|  |  |  | } else { | 
		
	
		
			
			|  |  |  | /* Unsupported algorithm */ | 
		
	
		
			
			|  |  |  | av_free(md5ctx); | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | av_md5_init(md5ctx); | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, method, ":", uri, NULL); | 
		
	
		
			
			|  |  |  | av_md5_final(md5ctx, hash); | 
		
	
		
			
			|  |  |  | ff_data_to_hex(A2hash, hash, 16, 1); | 
		
	
		
			
			|  |  |  | A2hash[32] = 0; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | av_md5_init(md5ctx); | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL); | 
		
	
		
			
			|  |  |  | if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) { | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | update_md5_strings(md5ctx, ":", A2hash, NULL); | 
		
	
		
			
			|  |  |  | av_md5_final(md5ctx, hash); | 
		
	
		
			
			|  |  |  | ff_data_to_hex(response, hash, 16, 1); | 
		
	
		
			
			|  |  |  | response[32] = 0; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | av_free(md5ctx); | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) { | 
		
	
		
			
			|  |  |  | } else if (!strcmp(digest->qop, "auth-int")) { | 
		
	
		
			
			|  |  |  | /* qop=auth-int not supported */ | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | } else { | 
		
	
		
			
			|  |  |  | /* Unsupported qop value. */ | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) + | 
		
	
		
			
			|  |  |  | strlen(uri) + strlen(response) + strlen(digest->algorithm) + | 
		
	
		
			
			|  |  |  | strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) + | 
		
	
		
			
			|  |  |  | strlen(nc) + 150; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | authstr = av_malloc(len); | 
		
	
		
			
			|  |  |  | if (!authstr) | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | snprintf(authstr, len, "Authorization: Digest "); | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | /* TODO: Escape the quoted strings properly. */ | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, "username=\"%s\"",   username); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",realm=\"%s\"",     state->realm); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",nonce=\"%s\"",     digest->nonce); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",uri=\"%s\"",       uri); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",response=\"%s\"",  response); | 
		
	
		
			
			|  |  |  | if (digest->algorithm[0]) | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",algorithm=%s",  digest->algorithm); | 
		
	
		
			
			|  |  |  | if (digest->opaque[0]) | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque); | 
		
	
		
			
			|  |  |  | if (digest->qop[0]) { | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",qop=\"%s\"",    digest->qop); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce); | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, ",nc=%s",         nc); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | av_strlcatf(authstr, len, "\r\n"); | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | return authstr; | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, | 
		
	
	
		
			
				|  |  | @@ -126,6 +307,17 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth, | 
		
	
		
			
			|  |  |  | ptr = authstr + strlen(authstr); | 
		
	
		
			
			|  |  |  | av_base64_encode(ptr, auth_b64_len, auth, strlen(auth)); | 
		
	
		
			
			|  |  |  | av_strlcat(ptr, "\r\n", len); | 
		
	
		
			
			|  |  |  | } else if (state->auth_type == HTTP_AUTH_DIGEST) { | 
		
	
		
			
			|  |  |  | char *username = av_strdup(auth), *password; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if (!username) | 
		
	
		
			
			|  |  |  | return NULL; | 
		
	
		
			
			|  |  |  | 
 | 
		
	
		
			
			|  |  |  | if ((password = strchr(username, ':'))) { | 
		
	
		
			
			|  |  |  | *password++ = 0; | 
		
	
		
			
			|  |  |  | authstr = make_digest_auth(state, username, password, path, method); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | av_free(username); | 
		
	
		
			
			|  |  |  | } | 
		
	
		
			
			|  |  |  | return authstr; | 
		
	
		
			
			|  |  |  | } | 
		
	
	
		
			
				|  |  | 
 |