Statistics
| Branch: | Revision:

ffmpeg / libavformat / httpauth.c @ 2912e87a

History | View | Annotate | Download (8.8 KB)

1
/*
2
 * HTTP authentication
3
 * Copyright (c) 2010 Martin Storsjo
4
 *
5
 * This file is part of Libav.
6
 *
7
 * Libav is free software; you can redistribute it and/or
8
 * modify it under the terms of the GNU Lesser General Public
9
 * License as published by the Free Software Foundation; either
10
 * version 2.1 of the License, or (at your option) any later version.
11
 *
12
 * Libav is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15
 * Lesser General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU Lesser General Public
18
 * License along with Libav; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20
 */
21

    
22
#include "httpauth.h"
23
#include "libavutil/base64.h"
24
#include "libavutil/avstring.h"
25
#include "internal.h"
26
#include "libavutil/random_seed.h"
27
#include "libavutil/md5.h"
28
#include "avformat.h"
29
#include <ctype.h>
30

    
31
static void handle_basic_params(HTTPAuthState *state, const char *key,
32
                                int key_len, char **dest, int *dest_len)
33
{
34
    if (!strncmp(key, "realm=", key_len)) {
35
        *dest     =        state->realm;
36
        *dest_len = sizeof(state->realm);
37
    }
38
}
39

    
40
static void handle_digest_params(HTTPAuthState *state, const char *key,
41
                                 int key_len, char **dest, int *dest_len)
42
{
43
    DigestParams *digest = &state->digest_params;
44

    
45
    if (!strncmp(key, "realm=", key_len)) {
46
        *dest     =        state->realm;
47
        *dest_len = sizeof(state->realm);
48
    } else if (!strncmp(key, "nonce=", key_len)) {
49
        *dest     =        digest->nonce;
50
        *dest_len = sizeof(digest->nonce);
51
    } else if (!strncmp(key, "opaque=", key_len)) {
52
        *dest     =        digest->opaque;
53
        *dest_len = sizeof(digest->opaque);
54
    } else if (!strncmp(key, "algorithm=", key_len)) {
55
        *dest     =        digest->algorithm;
56
        *dest_len = sizeof(digest->algorithm);
57
    } else if (!strncmp(key, "qop=", key_len)) {
58
        *dest     =        digest->qop;
59
        *dest_len = sizeof(digest->qop);
60
    }
61
}
62

    
63
static void handle_digest_update(HTTPAuthState *state, const char *key,
64
                                 int key_len, char **dest, int *dest_len)
65
{
66
    DigestParams *digest = &state->digest_params;
67

    
68
    if (!strncmp(key, "nextnonce=", key_len)) {
69
        *dest     =        digest->nonce;
70
        *dest_len = sizeof(digest->nonce);
71
    }
72
}
73

    
74
static void choose_qop(char *qop, int size)
75
{
76
    char *ptr = strstr(qop, "auth");
77
    char *end = ptr + strlen("auth");
78

    
79
    if (ptr && (!*end || isspace(*end) || *end == ',') &&
80
        (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
81
        av_strlcpy(qop, "auth", size);
82
    } else {
83
        qop[0] = 0;
84
    }
85
}
86

    
87
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
88
                                const char *value)
89
{
90
    if (!strcmp(key, "WWW-Authenticate")) {
91
        const char *p;
92
        if (av_stristart(value, "Basic ", &p) &&
93
            state->auth_type <= HTTP_AUTH_BASIC) {
94
            state->auth_type = HTTP_AUTH_BASIC;
95
            state->realm[0] = 0;
96
            ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params,
97
                               state);
98
        } else if (av_stristart(value, "Digest ", &p) &&
99
                   state->auth_type <= HTTP_AUTH_DIGEST) {
100
            state->auth_type = HTTP_AUTH_DIGEST;
101
            memset(&state->digest_params, 0, sizeof(DigestParams));
102
            state->realm[0] = 0;
103
            ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params,
104
                               state);
105
            choose_qop(state->digest_params.qop,
106
                       sizeof(state->digest_params.qop));
107
        }
108
    } else if (!strcmp(key, "Authentication-Info")) {
109
        ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update,
110
                           state);
111
    }
112
}
113

    
114

    
115
static void update_md5_strings(struct AVMD5 *md5ctx, ...)
116
{
117
    va_list vl;
118

    
119
    va_start(vl, md5ctx);
120
    while (1) {
121
        const char* str = va_arg(vl, const char*);
122
        if (!str)
123
            break;
124
        av_md5_update(md5ctx, str, strlen(str));
125
    }
126
    va_end(vl);
127
}
128

    
129
/* Generate a digest reply, according to RFC 2617. */
130
static char *make_digest_auth(HTTPAuthState *state, const char *username,
131
                              const char *password, const char *uri,
132
                              const char *method)
133
{
134
    DigestParams *digest = &state->digest_params;
135
    int len;
136
    uint32_t cnonce_buf[2];
137
    char cnonce[17];
138
    char nc[9];
139
    int i;
140
    char A1hash[33], A2hash[33], response[33];
141
    struct AVMD5 *md5ctx;
142
    uint8_t hash[16];
143
    char *authstr;
144

    
145
    digest->nc++;
146
    snprintf(nc, sizeof(nc), "%08x", digest->nc);
147

    
148
    /* Generate a client nonce. */
149
    for (i = 0; i < 2; i++)
150
        cnonce_buf[i] = av_get_random_seed();
151
    ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
152
    cnonce[2*sizeof(cnonce_buf)] = 0;
153

    
154
    md5ctx = av_malloc(av_md5_size);
155
    if (!md5ctx)
156
        return NULL;
157

    
158
    av_md5_init(md5ctx);
159
    update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
160
    av_md5_final(md5ctx, hash);
161
    ff_data_to_hex(A1hash, hash, 16, 1);
162
    A1hash[32] = 0;
163

    
164
    if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
165
    } else if (!strcmp(digest->algorithm, "MD5-sess")) {
166
        av_md5_init(md5ctx);
167
        update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
168
        av_md5_final(md5ctx, hash);
169
        ff_data_to_hex(A1hash, hash, 16, 1);
170
        A1hash[32] = 0;
171
    } else {
172
        /* Unsupported algorithm */
173
        av_free(md5ctx);
174
        return NULL;
175
    }
176

    
177
    av_md5_init(md5ctx);
178
    update_md5_strings(md5ctx, method, ":", uri, NULL);
179
    av_md5_final(md5ctx, hash);
180
    ff_data_to_hex(A2hash, hash, 16, 1);
181
    A2hash[32] = 0;
182

    
183
    av_md5_init(md5ctx);
184
    update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
185
    if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
186
        update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
187
    }
188
    update_md5_strings(md5ctx, ":", A2hash, NULL);
189
    av_md5_final(md5ctx, hash);
190
    ff_data_to_hex(response, hash, 16, 1);
191
    response[32] = 0;
192

    
193
    av_free(md5ctx);
194

    
195
    if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
196
    } else if (!strcmp(digest->qop, "auth-int")) {
197
        /* qop=auth-int not supported */
198
        return NULL;
199
    } else {
200
        /* Unsupported qop value. */
201
        return NULL;
202
    }
203

    
204
    len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
205
              strlen(uri) + strlen(response) + strlen(digest->algorithm) +
206
              strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
207
              strlen(nc) + 150;
208

    
209
    authstr = av_malloc(len);
210
    if (!authstr)
211
        return NULL;
212
    snprintf(authstr, len, "Authorization: Digest ");
213

    
214
    /* TODO: Escape the quoted strings properly. */
215
    av_strlcatf(authstr, len, "username=\"%s\"",   username);
216
    av_strlcatf(authstr, len, ",realm=\"%s\"",     state->realm);
217
    av_strlcatf(authstr, len, ",nonce=\"%s\"",     digest->nonce);
218
    av_strlcatf(authstr, len, ",uri=\"%s\"",       uri);
219
    av_strlcatf(authstr, len, ",response=\"%s\"",  response);
220
    if (digest->algorithm[0])
221
        av_strlcatf(authstr, len, ",algorithm=%s",  digest->algorithm);
222
    if (digest->opaque[0])
223
        av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
224
    if (digest->qop[0]) {
225
        av_strlcatf(authstr, len, ",qop=\"%s\"",    digest->qop);
226
        av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
227
        av_strlcatf(authstr, len, ",nc=%s",         nc);
228
    }
229

    
230
    av_strlcatf(authstr, len, "\r\n");
231

    
232
    return authstr;
233
}
234

    
235
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
236
                                   const char *path, const char *method)
237
{
238
    char *authstr = NULL;
239

    
240
    if (!auth || !strchr(auth, ':'))
241
        return NULL;
242

    
243
    if (state->auth_type == HTTP_AUTH_BASIC) {
244
        int auth_b64_len = AV_BASE64_SIZE(strlen(auth));
245
        int len = auth_b64_len + 30;
246
        char *ptr;
247
        authstr = av_malloc(len);
248
        if (!authstr)
249
            return NULL;
250
        snprintf(authstr, len, "Authorization: Basic ");
251
        ptr = authstr + strlen(authstr);
252
        av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
253
        av_strlcat(ptr, "\r\n", len - (ptr - authstr));
254
    } else if (state->auth_type == HTTP_AUTH_DIGEST) {
255
        char *username = av_strdup(auth), *password;
256

    
257
        if (!username)
258
            return NULL;
259

    
260
        if ((password = strchr(username, ':'))) {
261
            *password++ = 0;
262
            authstr = make_digest_auth(state, username, password, path, method);
263
        }
264
        av_free(username);
265
    }
266
    return authstr;
267
}
268