Statistics
| Branch: | Revision:

ffmpeg / libavformat / httpauth.c @ 60f198a7

History | View | Annotate | Download (10.2 KB)

1
/*
2
 * HTTP authentication
3
 * Copyright (c) 2010 Martin Storsjo
4
 *
5
 * This file is part of FFmpeg.
6
 *
7
 * FFmpeg is free software; you can redistribute it and/or
8
 * modify it under the terms of the GNU Lesser General Public
9
 * License as published by the Free Software Foundation; either
10
 * version 2.1 of the License, or (at your option) any later version.
11
 *
12
 * FFmpeg is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15
 * Lesser General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU Lesser General Public
18
 * License along with FFmpeg; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20
 */
21

    
22
#include "httpauth.h"
23
#include "libavutil/base64.h"
24
#include "libavutil/avstring.h"
25
#include "internal.h"
26
#include "libavutil/random_seed.h"
27
#include "libavutil/md5.h"
28
#include "avformat.h"
29
#include <ctype.h>
30

    
31
static void parse_key_value(const char *params,
32
                            void (*callback_get_buf)(HTTPAuthState *state,
33
                            const char *key, int key_len,
34
                            char **dest, int *dest_len), HTTPAuthState *state)
35
{
36
    const char *ptr = params;
37

    
38
    /* Parse key=value pairs. */
39
    for (;;) {
40
        const char *key;
41
        char *dest = NULL, *dest_end;
42
        int key_len, dest_len = 0;
43

    
44
        /* Skip whitespace and potential commas. */
45
        while (*ptr && (isspace(*ptr) || *ptr == ','))
46
            ptr++;
47
        if (!*ptr)
48
            break;
49

    
50
        key = ptr;
51

    
52
        if (!(ptr = strchr(key, '=')))
53
            break;
54
        ptr++;
55
        key_len = ptr - key;
56

    
57
        callback_get_buf(state, key, key_len, &dest, &dest_len);
58
        dest_end = dest + dest_len - 1;
59

    
60
        if (*ptr == '\"') {
61
            ptr++;
62
            while (*ptr && *ptr != '\"') {
63
                if (*ptr == '\\') {
64
                    if (!ptr[1])
65
                        break;
66
                    if (dest && dest < dest_end)
67
                        *dest++ = ptr[1];
68
                    ptr += 2;
69
                } else {
70
                    if (dest && dest < dest_end)
71
                        *dest++ = *ptr;
72
                    ptr++;
73
                }
74
            }
75
            if (*ptr == '\"')
76
                ptr++;
77
        } else {
78
            for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++)
79
                if (dest && dest < dest_end)
80
                    *dest++ = *ptr;
81
        }
82
        if (dest)
83
            *dest = 0;
84
    }
85
}
86

    
87
static void handle_basic_params(HTTPAuthState *state, const char *key,
88
                                int key_len, char **dest, int *dest_len)
89
{
90
    if (!strncmp(key, "realm=", key_len)) {
91
        *dest     =        state->realm;
92
        *dest_len = sizeof(state->realm);
93
    }
94
}
95

    
96
static void handle_digest_params(HTTPAuthState *state, const char *key,
97
                                 int key_len, char **dest, int *dest_len)
98
{
99
    DigestParams *digest = &state->digest_params;
100

    
101
    if (!strncmp(key, "realm=", key_len)) {
102
        *dest     =        state->realm;
103
        *dest_len = sizeof(state->realm);
104
    } else if (!strncmp(key, "nonce=", key_len)) {
105
        *dest     =        digest->nonce;
106
        *dest_len = sizeof(digest->nonce);
107
    } else if (!strncmp(key, "opaque=", key_len)) {
108
        *dest     =        digest->opaque;
109
        *dest_len = sizeof(digest->opaque);
110
    } else if (!strncmp(key, "algorithm=", key_len)) {
111
        *dest     =        digest->algorithm;
112
        *dest_len = sizeof(digest->algorithm);
113
    } else if (!strncmp(key, "qop=", key_len)) {
114
        *dest     =        digest->qop;
115
        *dest_len = sizeof(digest->qop);
116
    }
117
}
118

    
119
static void handle_digest_update(HTTPAuthState *state, const char *key,
120
                                 int key_len, char **dest, int *dest_len)
121
{
122
    DigestParams *digest = &state->digest_params;
123

    
124
    if (!strncmp(key, "nextnonce=", key_len)) {
125
        *dest     =        digest->nonce;
126
        *dest_len = sizeof(digest->nonce);
127
    }
128
}
129

    
130
static void choose_qop(char *qop, int size)
131
{
132
    char *ptr = strstr(qop, "auth");
133
    char *end = ptr + strlen("auth");
134

    
135
    if (ptr && (!*end || isspace(*end) || *end == ',') &&
136
        (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
137
        av_strlcpy(qop, "auth", size);
138
    } else {
139
        qop[0] = 0;
140
    }
141
}
142

    
143
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
144
                                const char *value)
145
{
146
    if (!strcmp(key, "WWW-Authenticate")) {
147
        const char *p;
148
        if (av_stristart(value, "Basic ", &p) &&
149
            state->auth_type <= HTTP_AUTH_BASIC) {
150
            state->auth_type = HTTP_AUTH_BASIC;
151
            state->realm[0] = 0;
152
            parse_key_value(p, handle_basic_params, state);
153
        } else if (av_stristart(value, "Digest ", &p) &&
154
                   state->auth_type <= HTTP_AUTH_DIGEST) {
155
            state->auth_type = HTTP_AUTH_DIGEST;
156
            memset(&state->digest_params, 0, sizeof(DigestParams));
157
            state->realm[0] = 0;
158
            parse_key_value(p, handle_digest_params, state);
159
            choose_qop(state->digest_params.qop,
160
                       sizeof(state->digest_params.qop));
161
        }
162
    } else if (!strcmp(key, "Authentication-Info")) {
163
        parse_key_value(value, handle_digest_update, state);
164
    }
165
}
166

    
167

    
168
static void update_md5_strings(struct AVMD5 *md5ctx, ...)
169
{
170
    va_list vl;
171

    
172
    va_start(vl, md5ctx);
173
    while (1) {
174
        const char* str = va_arg(vl, const char*);
175
        if (!str)
176
            break;
177
        av_md5_update(md5ctx, str, strlen(str));
178
    }
179
    va_end(vl);
180
}
181

    
182
/* Generate a digest reply, according to RFC 2617. */
183
static char *make_digest_auth(HTTPAuthState *state, const char *username,
184
                              const char *password, const char *uri,
185
                              const char *method)
186
{
187
    DigestParams *digest = &state->digest_params;
188
    int len;
189
    uint32_t cnonce_buf[2];
190
    char cnonce[9];
191
    char nc[9];
192
    int i;
193
    char A1hash[33], A2hash[33], response[33];
194
    struct AVMD5 *md5ctx;
195
    uint8_t hash[16];
196
    char *authstr;
197

    
198
    digest->nc++;
199
    snprintf(nc, sizeof(nc), "%08x", digest->nc);
200

    
201
    /* Generate a client nonce. */
202
    for (i = 0; i < 2; i++)
203
        cnonce_buf[i] = ff_random_get_seed();
204
    ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
205
    cnonce[2*sizeof(cnonce_buf)] = 0;
206

    
207
    md5ctx = av_malloc(av_md5_size);
208
    if (!md5ctx)
209
        return NULL;
210

    
211
    av_md5_init(md5ctx);
212
    update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
213
    av_md5_final(md5ctx, hash);
214
    ff_data_to_hex(A1hash, hash, 16, 1);
215
    A1hash[32] = 0;
216

    
217
    if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
218
    } else if (!strcmp(digest->algorithm, "MD5-sess")) {
219
        av_md5_init(md5ctx);
220
        update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
221
        av_md5_final(md5ctx, hash);
222
        ff_data_to_hex(A1hash, hash, 16, 1);
223
        A1hash[32] = 0;
224
    } else {
225
        /* Unsupported algorithm */
226
        av_free(md5ctx);
227
        return NULL;
228
    }
229

    
230
    av_md5_init(md5ctx);
231
    update_md5_strings(md5ctx, method, ":", uri, NULL);
232
    av_md5_final(md5ctx, hash);
233
    ff_data_to_hex(A2hash, hash, 16, 1);
234
    A2hash[32] = 0;
235

    
236
    av_md5_init(md5ctx);
237
    update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
238
    if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
239
        update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
240
    }
241
    update_md5_strings(md5ctx, ":", A2hash, NULL);
242
    av_md5_final(md5ctx, hash);
243
    ff_data_to_hex(response, hash, 16, 1);
244
    response[32] = 0;
245

    
246
    av_free(md5ctx);
247

    
248
    if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
249
    } else if (!strcmp(digest->qop, "auth-int")) {
250
        /* qop=auth-int not supported */
251
        return NULL;
252
    } else {
253
        /* Unsupported qop value. */
254
        return NULL;
255
    }
256

    
257
    len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
258
              strlen(uri) + strlen(response) + strlen(digest->algorithm) +
259
              strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
260
              strlen(nc) + 150;
261

    
262
    authstr = av_malloc(len);
263
    if (!authstr)
264
        return NULL;
265
    snprintf(authstr, len, "Authorization: Digest ");
266

    
267
    /* TODO: Escape the quoted strings properly. */
268
    av_strlcatf(authstr, len, "username=\"%s\"",   username);
269
    av_strlcatf(authstr, len, ",realm=\"%s\"",     state->realm);
270
    av_strlcatf(authstr, len, ",nonce=\"%s\"",     digest->nonce);
271
    av_strlcatf(authstr, len, ",uri=\"%s\"",       uri);
272
    av_strlcatf(authstr, len, ",response=\"%s\"",  response);
273
    if (digest->algorithm[0])
274
        av_strlcatf(authstr, len, ",algorithm=%s",  digest->algorithm);
275
    if (digest->opaque[0])
276
        av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
277
    if (digest->qop[0]) {
278
        av_strlcatf(authstr, len, ",qop=\"%s\"",    digest->qop);
279
        av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
280
        av_strlcatf(authstr, len, ",nc=%s",         nc);
281
    }
282

    
283
    av_strlcatf(authstr, len, "\r\n");
284

    
285
    return authstr;
286
}
287

    
288
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
289
                                   const char *path, const char *method)
290
{
291
    char *authstr = NULL;
292

    
293
    if (!auth || !strchr(auth, ':'))
294
        return NULL;
295

    
296
    if (state->auth_type == HTTP_AUTH_BASIC) {
297
        int auth_b64_len = (strlen(auth) + 2) / 3 * 4 + 1;
298
        int len = auth_b64_len + 30;
299
        char *ptr;
300
        authstr = av_malloc(len);
301
        if (!authstr)
302
            return NULL;
303
        snprintf(authstr, len, "Authorization: Basic ");
304
        ptr = authstr + strlen(authstr);
305
        av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
306
        av_strlcat(ptr, "\r\n", len);
307
    } else if (state->auth_type == HTTP_AUTH_DIGEST) {
308
        char *username = av_strdup(auth), *password;
309

    
310
        if (!username)
311
            return NULL;
312

    
313
        if ((password = strchr(username, ':'))) {
314
            *password++ = 0;
315
            authstr = make_digest_auth(state, username, password, path, method);
316
        }
317
        av_free(username);
318
    }
319
    return authstr;
320
}
321