falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24771 Commits
32 Branches
824MB
Tree: 48966b02cb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '48966b02cb'
${ noResults }
FFmpeg/libavformat/httpauth.c

322 lines
10KB
Raw Blame History 

  1. /*

  2.  * HTTP authentication

  3.  * Copyright (c) 2010 Martin Storsjo

  4.  *

  5.  * This file is part of FFmpeg.

  6.  *

  7.  * FFmpeg is free software; you can redistribute it and/or

  8.  * modify it under the terms of the GNU Lesser General Public

  9.  * License as published by the Free Software Foundation; either

  10.  * version 2.1 of the License, or (at your option) any later version.

  11.  *

  12.  * FFmpeg is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  15.  * Lesser General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Lesser General Public

  18.  * License along with FFmpeg; if not, write to the Free Software

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

  20.  */

  21. 

  22. #include "httpauth.h"

  23. #include "libavutil/base64.h"

  24. #include "libavutil/avstring.h"

  25. #include "internal.h"

  26. #include "libavutil/random_seed.h"

  27. #include "libavutil/md5.h"

  28. #include "avformat.h"

  29. #include <ctype.h>

  30. 

  31. static void parse_key_value(const char *params,

  32.                             void (*callback_get_buf)(HTTPAuthState *state,

  33.                             const char *key, int key_len,

  34.                             char **dest, int *dest_len), HTTPAuthState *state)

  35. {

  36.     const char *ptr = params;

  37. 

  38.     /* Parse key=value pairs. */

  39.     for (;;) {

  40.         const char *key;

  41.         char *dest = NULL, *dest_end;

  42.         int key_len, dest_len = 0;

  43. 

  44.         /* Skip whitespace and potential commas. */

  45.         while (*ptr && (isspace(*ptr) || *ptr == ','))

  46.             ptr++;

  47.         if (!*ptr)

  48.             break;

  49. 

  50.         key = ptr;

  51. 

  52.         if (!(ptr = strchr(key, '=')))

  53.             break;

  54.         ptr++;

  55.         key_len = ptr - key;

  56. 

  57.         callback_get_buf(state, key, key_len, &dest, &dest_len);

  58.         dest_end = dest + dest_len - 1;

  59. 

  60.         if (*ptr == '\"') {

  61.             ptr++;

  62.             while (*ptr && *ptr != '\"') {

  63.                 if (*ptr == '\\') {

  64.                     if (!ptr[1])

  65.                         break;

  66.                     if (dest && dest < dest_end)

  67.                         *dest++ = ptr[1];

  68.                     ptr += 2;

  69.                 } else {

  70.                     if (dest && dest < dest_end)

  71.                         *dest++ = *ptr;

  72.                     ptr++;

  73.                 }

  74.             }

  75.             if (*ptr == '\"')

  76.                 ptr++;

  77.         } else {

  78.             for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++)

  79.                 if (dest && dest < dest_end)

  80.                     *dest++ = *ptr;

  81.         }

  82.         if (dest)

  83.             *dest = 0;

  84.     }

  85. }

  86. 

  87. static void handle_basic_params(HTTPAuthState *state, const char *key,

  88.                                 int key_len, char **dest, int *dest_len)

  89. {

  90.     if (!strncmp(key, "realm=", key_len)) {

  91.         *dest     =        state->realm;

  92.         *dest_len = sizeof(state->realm);

  93.     }

  94. }

  95. 

  96. static void handle_digest_params(HTTPAuthState *state, const char *key,

  97.                                  int key_len, char **dest, int *dest_len)

  98. {

  99.     DigestParams *digest = &state->digest_params;

  100. 

  101.     if (!strncmp(key, "realm=", key_len)) {

  102.         *dest     =        state->realm;

  103.         *dest_len = sizeof(state->realm);

  104.     } else if (!strncmp(key, "nonce=", key_len)) {

  105.         *dest     =        digest->nonce;

  106.         *dest_len = sizeof(digest->nonce);

  107.     } else if (!strncmp(key, "opaque=", key_len)) {

  108.         *dest     =        digest->opaque;

  109.         *dest_len = sizeof(digest->opaque);

  110.     } else if (!strncmp(key, "algorithm=", key_len)) {

  111.         *dest     =        digest->algorithm;

  112.         *dest_len = sizeof(digest->algorithm);

  113.     } else if (!strncmp(key, "qop=", key_len)) {

  114.         *dest     =        digest->qop;

  115.         *dest_len = sizeof(digest->qop);

  116.     }

  117. }

  118. 

  119. static void handle_digest_update(HTTPAuthState *state, const char *key,

  120.                                  int key_len, char **dest, int *dest_len)

  121. {

  122.     DigestParams *digest = &state->digest_params;

  123. 

  124.     if (!strncmp(key, "nextnonce=", key_len)) {

  125.         *dest     =        digest->nonce;

  126.         *dest_len = sizeof(digest->nonce);

  127.     }

  128. }

  129. 

  130. static void choose_qop(char *qop, int size)

  131. {

  132.     char *ptr = strstr(qop, "auth");

  133.     char *end = ptr + strlen("auth");

  134. 

  135.     if (ptr && (!*end || isspace(*end) || *end == ',') &&

  136.         (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {

  137.         av_strlcpy(qop, "auth", size);

  138.     } else {

  139.         qop[0] = 0;

  140.     }

  141. }

  142. 

  143. void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,

  144.                                 const char *value)

  145. {

  146.     if (!strcmp(key, "WWW-Authenticate")) {

  147.         const char *p;

  148.         if (av_stristart(value, "Basic ", &p) &&

  149.             state->auth_type <= HTTP_AUTH_BASIC) {

  150.             state->auth_type = HTTP_AUTH_BASIC;

  151.             state->realm[0] = 0;

  152.             parse_key_value(p, handle_basic_params, state);

  153.         } else if (av_stristart(value, "Digest ", &p) &&

  154.                    state->auth_type <= HTTP_AUTH_DIGEST) {

  155.             state->auth_type = HTTP_AUTH_DIGEST;

  156.             memset(&state->digest_params, 0, sizeof(DigestParams));

  157.             state->realm[0] = 0;

  158.             parse_key_value(p, handle_digest_params, state);

  159.             choose_qop(state->digest_params.qop,

  160.                        sizeof(state->digest_params.qop));

  161.         }

  162.     } else if (!strcmp(key, "Authentication-Info")) {

  163.         parse_key_value(value, handle_digest_update, state);

  164.     }

  165. }

  166. 

  167. 

  168. static void update_md5_strings(struct AVMD5 *md5ctx, ...)

  169. {

  170.     va_list vl;

  171. 

  172.     va_start(vl, md5ctx);

  173.     while (1) {

  174.         const char* str = va_arg(vl, const char*);

  175.         if (!str)

  176.             break;

  177.         av_md5_update(md5ctx, str, strlen(str));

  178.     }

  179.     va_end(vl);

  180. }

  181. 

  182. /* Generate a digest reply, according to RFC 2617. */

  183. static char *make_digest_auth(HTTPAuthState *state, const char *username,

  184.                               const char *password, const char *uri,

  185.                               const char *method)

  186. {

  187.     DigestParams *digest = &state->digest_params;

  188.     int len;

  189.     uint32_t cnonce_buf[2];

  190.     char cnonce[17];

  191.     char nc[9];

  192.     int i;

  193.     char A1hash[33], A2hash[33], response[33];

  194.     struct AVMD5 *md5ctx;

  195.     uint8_t hash[16];

  196.     char *authstr;

  197. 

  198.     digest->nc++;

  199.     snprintf(nc, sizeof(nc), "%08x", digest->nc);

  200. 

  201.     /* Generate a client nonce. */

  202.     for (i = 0; i < 2; i++)

  203.         cnonce_buf[i] = av_get_random_seed();

  204.     ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);

  205.     cnonce[2*sizeof(cnonce_buf)] = 0;

  206. 

  207.     md5ctx = av_malloc(av_md5_size);

  208.     if (!md5ctx)

  209.         return NULL;

  210. 

  211.     av_md5_init(md5ctx);

  212.     update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);

  213.     av_md5_final(md5ctx, hash);

  214.     ff_data_to_hex(A1hash, hash, 16, 1);

  215.     A1hash[32] = 0;

  216. 

  217.     if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {

  218.     } else if (!strcmp(digest->algorithm, "MD5-sess")) {

  219.         av_md5_init(md5ctx);

  220.         update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);

  221.         av_md5_final(md5ctx, hash);

  222.         ff_data_to_hex(A1hash, hash, 16, 1);

  223.         A1hash[32] = 0;

  224.     } else {

  225.         /* Unsupported algorithm */

  226.         av_free(md5ctx);

  227.         return NULL;

  228.     }

  229. 

  230.     av_md5_init(md5ctx);

  231.     update_md5_strings(md5ctx, method, ":", uri, NULL);

  232.     av_md5_final(md5ctx, hash);

  233.     ff_data_to_hex(A2hash, hash, 16, 1);

  234.     A2hash[32] = 0;

  235. 

  236.     av_md5_init(md5ctx);

  237.     update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);

  238.     if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {

  239.         update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);

  240.     }

  241.     update_md5_strings(md5ctx, ":", A2hash, NULL);

  242.     av_md5_final(md5ctx, hash);

  243.     ff_data_to_hex(response, hash, 16, 1);

  244.     response[32] = 0;

  245. 

  246.     av_free(md5ctx);

  247. 

  248.     if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {

  249.     } else if (!strcmp(digest->qop, "auth-int")) {

  250.         /* qop=auth-int not supported */

  251.         return NULL;

  252.     } else {

  253.         /* Unsupported qop value. */

  254.         return NULL;

  255.     }

  256. 

  257.     len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +

  258.               strlen(uri) + strlen(response) + strlen(digest->algorithm) +

  259.               strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +

  260.               strlen(nc) + 150;

  261. 

  262.     authstr = av_malloc(len);

  263.     if (!authstr)

  264.         return NULL;

  265.     snprintf(authstr, len, "Authorization: Digest ");

  266. 

  267.     /* TODO: Escape the quoted strings properly. */

  268.     av_strlcatf(authstr, len, "username=\"%s\"",   username);

  269.     av_strlcatf(authstr, len, ",realm=\"%s\"",     state->realm);

  270.     av_strlcatf(authstr, len, ",nonce=\"%s\"",     digest->nonce);

  271.     av_strlcatf(authstr, len, ",uri=\"%s\"",       uri);

  272.     av_strlcatf(authstr, len, ",response=\"%s\"",  response);

  273.     if (digest->algorithm[0])

  274.         av_strlcatf(authstr, len, ",algorithm=%s",  digest->algorithm);

  275.     if (digest->opaque[0])

  276.         av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);

  277.     if (digest->qop[0]) {

  278.         av_strlcatf(authstr, len, ",qop=\"%s\"",    digest->qop);

  279.         av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);

  280.         av_strlcatf(authstr, len, ",nc=%s",         nc);

  281.     }

  282. 

  283.     av_strlcatf(authstr, len, "\r\n");

  284. 

  285.     return authstr;

  286. }

  287. 

  288. char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,

  289.                                    const char *path, const char *method)

  290. {

  291.     char *authstr = NULL;

  292. 

  293.     if (!auth || !strchr(auth, ':'))

  294.         return NULL;

  295. 

  296.     if (state->auth_type == HTTP_AUTH_BASIC) {

  297.         int auth_b64_len = AV_BASE64_SIZE(strlen(auth));

  298.         int len = auth_b64_len + 30;

  299.         char *ptr;

  300.         authstr = av_malloc(len);

  301.         if (!authstr)

  302.             return NULL;

  303.         snprintf(authstr, len, "Authorization: Basic ");

  304.         ptr = authstr + strlen(authstr);

  305.         av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));

  306.         av_strlcat(ptr, "\r\n", len - (ptr - authstr));

  307.     } else if (state->auth_type == HTTP_AUTH_DIGEST) {

  308.         char *username = av_strdup(auth), *password;

  309. 

  310.         if (!username)

  311.             return NULL;

  312. 

  313.         if ((password = strchr(username, ':'))) {

  314.             *password++ = 0;

  315.             authstr = make_digest_auth(state, username, password, path, method);

  316.         }

  317.         av_free(username);

  318.     }

  319.     return authstr;

  320. }