FFmpeg: libavformat/httpauth.c Source File

Go to the documentation of this file.
 /*
  * HTTP authentication
  * Copyright (c) 2010 Martin Storsjo
  *
  * This file is part of FFmpeg.
  *
  * FFmpeg is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
  * License as published by the Free Software Foundation; either
  * version 2.1 of the License, or (at your option) any later version.
  *
  * FFmpeg is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with FFmpeg; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
 #include "httpauth.h"
 #include "libavutil/base64.h"
 #include "libavutil/avstring.h"
 #include "internal.h"
 #include "libavutil/random_seed.h"
 #include "libavutil/md5.h"
 #include "urldecode.h"
 #include "avformat.h"
 
 static void handle_basic_params(HTTPAuthState *state, const char *key,
                                 int key_len, char **dest, int *dest_len)
 {
     if (!strncmp(key, "realm=", key_len)) {
         *dest     =        state->realm;
         *dest_len = sizeof(state->realm);
     }
 }
 
 static void handle_digest_params(HTTPAuthState *state, const char *key,
                                  int key_len, char **dest, int *dest_len)
 {
     DigestParams *digest = &state->digest_params;
 
     if (!strncmp(key, "realm=", key_len)) {
         *dest     =        state->realm;
         *dest_len = sizeof(state->realm);
     } else if (!strncmp(key, "nonce=", key_len)) {
         *dest     =        digest->nonce;
         *dest_len = sizeof(digest->nonce);
     } else if (!strncmp(key, "opaque=", key_len)) {
         *dest     =        digest->opaque;
         *dest_len = sizeof(digest->opaque);
     } else if (!strncmp(key, "algorithm=", key_len)) {
         *dest     =        digest->algorithm;
         *dest_len = sizeof(digest->algorithm);
     } else if (!strncmp(key, "qop=", key_len)) {
         *dest     =        digest->qop;
         *dest_len = sizeof(digest->qop);
     } else if (!strncmp(key, "stale=", key_len)) {
         *dest     =        digest->stale;
         *dest_len = sizeof(digest->stale);
     }
 }
 
 static void handle_digest_update(HTTPAuthState *state, const char *key,
                                  int key_len, char **dest, int *dest_len)
 {
     DigestParams *digest = &state->digest_params;
 
     if (!strncmp(key, "nextnonce=", key_len)) {
         *dest     =        digest->nonce;
         *dest_len = sizeof(digest->nonce);
     }
 }
 
 static void choose_qop(char *qop, int size)
 {
     char *ptr = strstr(qop, "auth");
     char *end = ptr + strlen("auth");
 
     if (ptr && (!*end || av_isspace(*end) || *end == ',') &&
         (ptr == qop || av_isspace(ptr[-1]) || ptr[-1] == ',')) {
         av_strlcpy(qop, "auth", size);
     } else {
         qop[0] = 0;
     }
 }
 
 void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
                                 const char *value)
 {
     if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {
         const char *p;
         if (av_stristart(value, "Basic ", &p) &&
             state->auth_type <= HTTP_AUTH_BASIC) {
             state->auth_type = HTTP_AUTH_BASIC;
             state->realm[0] = 0;
             state->stale = 0;
             ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params,
                                state);
         } else if (av_stristart(value, "Digest ", &p) &&
                    state->auth_type <= HTTP_AUTH_DIGEST) {
             state->auth_type = HTTP_AUTH_DIGEST;
             memset(&state->digest_params, 0, sizeof(DigestParams));
             state->realm[0] = 0;
             state->stale = 0;
             ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params,
                                state);
             choose_qop(state->digest_params.qop,
                        sizeof(state->digest_params.qop));
             if (!av_strcasecmp(state->digest_params.stale, "true"))
                 state->stale = 1;
         }
     } else if (!strcmp(key, "Authentication-Info")) {
         ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update,
                            state);
     }
 }
 
 
 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
 {
     va_list vl;
 
     va_start(vl, md5ctx);
     while (1) {
         const char* str = va_arg(vl, const char*);
         if (!str)
             break;
         av_md5_update(md5ctx, str, strlen(str));
     }
     va_end(vl);
 }
 
 /* Generate a digest reply, according to RFC 2617. */
 static char *make_digest_auth(HTTPAuthState *state, const char *username,
                               const char *password, const char *uri,
                               const char *method)
 {
     DigestParams *digest = &state->digest_params;
     int len;
     uint32_t cnonce_buf[2];
     char cnonce[17];
     char nc[9];
     int i;
     char A1hash[33], A2hash[33], response[33];
     struct AVMD5 *md5ctx;
     uint8_t hash[16];
     char *authstr;
 
     digest->nc++;
     snprintf(nc, sizeof(nc), "%08x", digest->nc);
 
     /* Generate a client nonce. */
     for (i = 0; i < 2; i++)
         cnonce_buf[i] = av_get_random_seed();
     ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
     cnonce[2*sizeof(cnonce_buf)] = 0;
 
     md5ctx = av_md5_alloc();
     if (!md5ctx)
         return NULL;
 
     av_md5_init(md5ctx);
     update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
     av_md5_final(md5ctx, hash);
     ff_data_to_hex(A1hash, hash, 16, 1);
     A1hash[32] = 0;
 
     if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
     } else if (!strcmp(digest->algorithm, "MD5-sess")) {
         av_md5_init(md5ctx);
         update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
         av_md5_final(md5ctx, hash);
         ff_data_to_hex(A1hash, hash, 16, 1);
         A1hash[32] = 0;
     } else {
         /* Unsupported algorithm */
         av_free(md5ctx);
         return NULL;
     }
 
     av_md5_init(md5ctx);
     update_md5_strings(md5ctx, method, ":", uri, NULL);
     av_md5_final(md5ctx, hash);
     ff_data_to_hex(A2hash, hash, 16, 1);
     A2hash[32] = 0;
 
     av_md5_init(md5ctx);
     update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
     if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
         update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
     }
     update_md5_strings(md5ctx, ":", A2hash, NULL);
     av_md5_final(md5ctx, hash);
     ff_data_to_hex(response, hash, 16, 1);
     response[32] = 0;
 
     av_free(md5ctx);
 
     if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
     } else if (!strcmp(digest->qop, "auth-int")) {
         /* qop=auth-int not supported */
         return NULL;
     } else {
         /* Unsupported qop value. */
         return NULL;
     }
 
     len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
               strlen(uri) + strlen(response) + strlen(digest->algorithm) +
               strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
               strlen(nc) + 150;
 
     authstr = av_malloc(len);
     if (!authstr)
         return NULL;
     snprintf(authstr, len, "Authorization: Digest ");
 
     /* TODO: Escape the quoted strings properly. */
     av_strlcatf(authstr, len, "username=\"%s\"",   username);
     av_strlcatf(authstr, len, ",realm=\"%s\"",     state->realm);
     av_strlcatf(authstr, len, ",nonce=\"%s\"",     digest->nonce);
     av_strlcatf(authstr, len, ",uri=\"%s\"",       uri);
     av_strlcatf(authstr, len, ",response=\"%s\"",  response);
     if (digest->algorithm[0])
         av_strlcatf(authstr, len, ",algorithm=\"%s\"",  digest->algorithm);
     if (digest->opaque[0])
         av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
     if (digest->qop[0]) {
         av_strlcatf(authstr, len, ",qop=\"%s\"",    digest->qop);
         av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
         av_strlcatf(authstr, len, ",nc=%s",         nc);
     }
 
     av_strlcatf(authstr, len, "\r\n");
 
     return authstr;
 }
 
 char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
                                    const char *path, const char *method)
 {
     char *authstr = NULL;
 
     /* Clear the stale flag, we assume the auth is ok now. It is reset
      * by the server headers if there's a new issue. */
     state->stale = 0;
     if (!auth || !strchr(auth, ':'))
         return NULL;
 
     if (state->auth_type == HTTP_AUTH_BASIC) {
         int auth_b64_len, len;
         char *ptr, *decoded_auth = ff_urldecode(auth);
 
         if (!decoded_auth)
             return NULL;
 
         auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
         len = auth_b64_len + 30;
 
         authstr = av_malloc(len);
         if (!authstr) {
             av_free(decoded_auth);
             return NULL;
         }
 
         snprintf(authstr, len, "Authorization: Basic ");
         ptr = authstr + strlen(authstr);
         av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
         av_strlcat(ptr, "\r\n", len - (ptr - authstr));
         av_free(decoded_auth);
     } else if (state->auth_type == HTTP_AUTH_DIGEST) {
         char *username = ff_urldecode(auth), *password;
 
         if (!username)
             return NULL;
 
         if ((password = strchr(username, ':'))) {
             *password++ = 0;
             authstr = make_digest_auth(state, username, password, path, method);
         }
         av_free(username);
     }
     return authstr;
 }