falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43403 Commits
32 Branches
283MB
Tree: f172e22d6a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f172e22d6a'
${ noResults }
FFmpeg/libavformat/httpauth.c

289 lines
9.5KB
Raw Blame History 

  1. /*

  2.  * HTTP authentication

  3.  * Copyright (c) 2010 Martin Storsjo

  4.  *

  5.  * This file is part of Libav.

  6.  *

  7.  * Libav is free software; you can redistribute it and/or

  8.  * modify it under the terms of the GNU Lesser General Public

  9.  * License as published by the Free Software Foundation; either

  10.  * version 2.1 of the License, or (at your option) any later version.

  11.  *

  12.  * Libav is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  15.  * Lesser General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Lesser General Public

  18.  * License along with Libav; if not, write to the Free Software

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

  20.  */

  21. 

  22. #include "httpauth.h"

  23. #include "libavutil/base64.h"

  24. #include "libavutil/avstring.h"

  25. #include "internal.h"

  26. #include "libavutil/random_seed.h"

  27. #include "libavutil/md5.h"

  28. #include "urldecode.h"

  29. #include "avformat.h"

  30. 

  31. static void handle_basic_params(HTTPAuthState *state, const char *key,

  32.                                 int key_len, char **dest, int *dest_len)

  33. {

  34.     if (!strncmp(key, "realm=", key_len)) {

  35.         *dest     =        state->realm;

  36.         *dest_len = sizeof(state->realm);

  37.     }

  38. }

  39. 

  40. static void handle_digest_params(HTTPAuthState *state, const char *key,

  41.                                  int key_len, char **dest, int *dest_len)

  42. {

  43.     DigestParams *digest = &state->digest_params;

  44. 

  45.     if (!strncmp(key, "realm=", key_len)) {

  46.         *dest     =        state->realm;

  47.         *dest_len = sizeof(state->realm);

  48.     } else if (!strncmp(key, "nonce=", key_len)) {

  49.         *dest     =        digest->nonce;

  50.         *dest_len = sizeof(digest->nonce);

  51.     } else if (!strncmp(key, "opaque=", key_len)) {

  52.         *dest     =        digest->opaque;

  53.         *dest_len = sizeof(digest->opaque);

  54.     } else if (!strncmp(key, "algorithm=", key_len)) {

  55.         *dest     =        digest->algorithm;

  56.         *dest_len = sizeof(digest->algorithm);

  57.     } else if (!strncmp(key, "qop=", key_len)) {

  58.         *dest     =        digest->qop;

  59.         *dest_len = sizeof(digest->qop);

  60.     } else if (!strncmp(key, "stale=", key_len)) {

  61.         *dest     =        digest->stale;

  62.         *dest_len = sizeof(digest->stale);

  63.     }

  64. }

  65. 

  66. static void handle_digest_update(HTTPAuthState *state, const char *key,

  67.                                  int key_len, char **dest, int *dest_len)

  68. {

  69.     DigestParams *digest = &state->digest_params;

  70. 

  71.     if (!strncmp(key, "nextnonce=", key_len)) {

  72.         *dest     =        digest->nonce;

  73.         *dest_len = sizeof(digest->nonce);

  74.     }

  75. }

  76. 

  77. static void choose_qop(char *qop, int size)

  78. {

  79.     char *ptr = strstr(qop, "auth");

  80.     char *end = ptr + strlen("auth");

  81. 

  82.     if (ptr && (!*end || av_isspace(*end) || *end == ',') &&

  83.         (ptr == qop || av_isspace(ptr[-1]) || ptr[-1] == ',')) {

  84.         av_strlcpy(qop, "auth", size);

  85.     } else {

  86.         qop[0] = 0;

  87.     }

  88. }

  89. 

  90. void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,

  91.                                 const char *value)

  92. {

  93.     if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {

  94.         const char *p;

  95.         if (av_stristart(value, "Basic ", &p) &&

  96.             state->auth_type <= HTTP_AUTH_BASIC) {

  97.             state->auth_type = HTTP_AUTH_BASIC;

  98.             state->realm[0] = 0;

  99.             state->stale = 0;

  100.             ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params,

  101.                                state);

  102.         } else if (av_stristart(value, "Digest ", &p) &&

  103.                    state->auth_type <= HTTP_AUTH_DIGEST) {

  104.             state->auth_type = HTTP_AUTH_DIGEST;

  105.             memset(&state->digest_params, 0, sizeof(DigestParams));

  106.             state->realm[0] = 0;

  107.             state->stale = 0;

  108.             ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params,

  109.                                state);

  110.             choose_qop(state->digest_params.qop,

  111.                        sizeof(state->digest_params.qop));

  112.             if (!av_strcasecmp(state->digest_params.stale, "true"))

  113.                 state->stale = 1;

  114.         }

  115.     } else if (!strcmp(key, "Authentication-Info")) {

  116.         ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update,

  117.                            state);

  118.     }

  119. }

  120. 

  121. 

  122. static void update_md5_strings(struct AVMD5 *md5ctx, ...)

  123. {

  124.     va_list vl;

  125. 

  126.     va_start(vl, md5ctx);

  127.     while (1) {

  128.         const char* str = va_arg(vl, const char*);

  129.         if (!str)

  130.             break;

  131.         av_md5_update(md5ctx, str, strlen(str));

  132.     }

  133.     va_end(vl);

  134. }

  135. 

  136. /* Generate a digest reply, according to RFC 2617. */

  137. static char *make_digest_auth(HTTPAuthState *state, const char *username,

  138.                               const char *password, const char *uri,

  139.                               const char *method)

  140. {

  141.     DigestParams *digest = &state->digest_params;

  142.     int len;

  143.     uint32_t cnonce_buf[2];

  144.     char cnonce[17];

  145.     char nc[9];

  146.     int i;

  147.     char A1hash[33], A2hash[33], response[33];

  148.     struct AVMD5 *md5ctx;

  149.     uint8_t hash[16];

  150.     char *authstr;

  151. 

  152.     digest->nc++;

  153.     snprintf(nc, sizeof(nc), "%08x", digest->nc);

  154. 

  155.     /* Generate a client nonce. */

  156.     for (i = 0; i < 2; i++)

  157.         cnonce_buf[i] = av_get_random_seed();

  158.     ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);

  159.     cnonce[2*sizeof(cnonce_buf)] = 0;

  160. 

  161.     md5ctx = av_md5_alloc();

  162.     if (!md5ctx)

  163.         return NULL;

  164. 

  165.     av_md5_init(md5ctx);

  166.     update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);

  167.     av_md5_final(md5ctx, hash);

  168.     ff_data_to_hex(A1hash, hash, 16, 1);

  169.     A1hash[32] = 0;

  170. 

  171.     if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {

  172.     } else if (!strcmp(digest->algorithm, "MD5-sess")) {

  173.         av_md5_init(md5ctx);

  174.         update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);

  175.         av_md5_final(md5ctx, hash);

  176.         ff_data_to_hex(A1hash, hash, 16, 1);

  177.         A1hash[32] = 0;

  178.     } else {

  179.         /* Unsupported algorithm */

  180.         av_free(md5ctx);

  181.         return NULL;

  182.     }

  183. 

  184.     av_md5_init(md5ctx);

  185.     update_md5_strings(md5ctx, method, ":", uri, NULL);

  186.     av_md5_final(md5ctx, hash);

  187.     ff_data_to_hex(A2hash, hash, 16, 1);

  188.     A2hash[32] = 0;

  189. 

  190.     av_md5_init(md5ctx);

  191.     update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);

  192.     if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {

  193.         update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);

  194.     }

  195.     update_md5_strings(md5ctx, ":", A2hash, NULL);

  196.     av_md5_final(md5ctx, hash);

  197.     ff_data_to_hex(response, hash, 16, 1);

  198.     response[32] = 0;

  199. 

  200.     av_free(md5ctx);

  201. 

  202.     if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {

  203.     } else if (!strcmp(digest->qop, "auth-int")) {

  204.         /* qop=auth-int not supported */

  205.         return NULL;

  206.     } else {

  207.         /* Unsupported qop value. */

  208.         return NULL;

  209.     }

  210. 

  211.     len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +

  212.               strlen(uri) + strlen(response) + strlen(digest->algorithm) +

  213.               strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +

  214.               strlen(nc) + 150;

  215. 

  216.     authstr = av_malloc(len);

  217.     if (!authstr)

  218.         return NULL;

  219.     snprintf(authstr, len, "Authorization: Digest ");

  220. 

  221.     /* TODO: Escape the quoted strings properly. */

  222.     av_strlcatf(authstr, len, "username=\"%s\"",   username);

  223.     av_strlcatf(authstr, len, ", realm=\"%s\"",     state->realm);

  224.     av_strlcatf(authstr, len, ", nonce=\"%s\"",     digest->nonce);

  225.     av_strlcatf(authstr, len, ", uri=\"%s\"",       uri);

  226.     av_strlcatf(authstr, len, ", response=\"%s\"",  response);

  227. 

  228.     if (digest->algorithm[0])

  229.         av_strlcatf(authstr, len, ", algorithm=%s",  digest->algorithm);

  230.     if (digest->opaque[0])

  231.         av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);

  232.     if (digest->qop[0]) {

  233.         av_strlcatf(authstr, len, ", qop=\"%s\"",    digest->qop);

  234.         av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);

  235.         av_strlcatf(authstr, len, ", nc=%s",         nc);

  236.     }

  237. 

  238.     av_strlcatf(authstr, len, "\r\n");

  239. 

  240.     return authstr;

  241. }

  242. 

  243. char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,

  244.                                    const char *path, const char *method)

  245. {

  246.     char *authstr = NULL;

  247. 

  248.     /* Clear the stale flag, we assume the auth is ok now. It is reset

  249.      * by the server headers if there's a new issue. */

  250.     state->stale = 0;

  251.     if (!auth || !strchr(auth, ':'))

  252.         return NULL;

  253. 

  254.     if (state->auth_type == HTTP_AUTH_BASIC) {

  255.         int auth_b64_len, len;

  256.         char *ptr, *decoded_auth = ff_urldecode(auth);

  257. 

  258.         if (!decoded_auth)

  259.             return NULL;

  260. 

  261.         auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));

  262.         len = auth_b64_len + 30;

  263. 

  264.         authstr = av_malloc(len);

  265.         if (!authstr) {

  266.             av_free(decoded_auth);

  267.             return NULL;

  268.         }

  269. 

  270.         snprintf(authstr, len, "Authorization: Basic ");

  271.         ptr = authstr + strlen(authstr);

  272.         av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));

  273.         av_strlcat(ptr, "\r\n", len - (ptr - authstr));

  274.         av_free(decoded_auth);

  275.     } else if (state->auth_type == HTTP_AUTH_DIGEST) {

  276.         char *username = ff_urldecode(auth), *password;

  277. 

  278.         if (!username)

  279.             return NULL;

  280. 

  281.         if ((password = strchr(username, ':'))) {

  282.             *password++ = 0;

  283.             authstr = make_digest_auth(state, username, password, path, method);

  284.         }

  285.         av_free(username);

  286.     }

  287.     return authstr;

  288. }