FFmpeg
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
httpauth.c
Go to the documentation of this file.
1 /*
2  * HTTP authentication
3  * Copyright (c) 2010 Martin Storsjo
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include "httpauth.h"
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
25 #include "internal.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "urldecode.h"
29 #include "avformat.h"
30 #include <ctype.h>
31 
32 static void handle_basic_params(HTTPAuthState *state, const char *key,
33  int key_len, char **dest, int *dest_len)
34 {
35  if (!strncmp(key, "realm=", key_len)) {
36  *dest = state->realm;
37  *dest_len = sizeof(state->realm);
38  }
39 }
40 
41 static void handle_digest_params(HTTPAuthState *state, const char *key,
42  int key_len, char **dest, int *dest_len)
43 {
44  DigestParams *digest = &state->digest_params;
45 
46  if (!strncmp(key, "realm=", key_len)) {
47  *dest = state->realm;
48  *dest_len = sizeof(state->realm);
49  } else if (!strncmp(key, "nonce=", key_len)) {
50  *dest = digest->nonce;
51  *dest_len = sizeof(digest->nonce);
52  } else if (!strncmp(key, "opaque=", key_len)) {
53  *dest = digest->opaque;
54  *dest_len = sizeof(digest->opaque);
55  } else if (!strncmp(key, "algorithm=", key_len)) {
56  *dest = digest->algorithm;
57  *dest_len = sizeof(digest->algorithm);
58  } else if (!strncmp(key, "qop=", key_len)) {
59  *dest = digest->qop;
60  *dest_len = sizeof(digest->qop);
61  } else if (!strncmp(key, "stale=", key_len)) {
62  *dest = digest->stale;
63  *dest_len = sizeof(digest->stale);
64  }
65 }
66 
67 static void handle_digest_update(HTTPAuthState *state, const char *key,
68  int key_len, char **dest, int *dest_len)
69 {
70  DigestParams *digest = &state->digest_params;
71 
72  if (!strncmp(key, "nextnonce=", key_len)) {
73  *dest = digest->nonce;
74  *dest_len = sizeof(digest->nonce);
75  }
76 }
77 
78 static void choose_qop(char *qop, int size)
79 {
80  char *ptr = strstr(qop, "auth");
81  char *end = ptr + strlen("auth");
82 
83  if (ptr && (!*end || isspace(*end) || *end == ',') &&
84  (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
85  av_strlcpy(qop, "auth", size);
86  } else {
87  qop[0] = 0;
88  }
89 }
90 
92  const char *value)
93 {
94  if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {
95  const char *p;
96  if (av_stristart(value, "Basic ", &p) &&
97  state->auth_type <= HTTP_AUTH_BASIC) {
98  state->auth_type = HTTP_AUTH_BASIC;
99  state->realm[0] = 0;
100  state->stale = 0;
102  state);
103  } else if (av_stristart(value, "Digest ", &p) &&
104  state->auth_type <= HTTP_AUTH_DIGEST) {
105  state->auth_type = HTTP_AUTH_DIGEST;
106  memset(&state->digest_params, 0, sizeof(DigestParams));
107  state->realm[0] = 0;
108  state->stale = 0;
110  state);
112  sizeof(state->digest_params.qop));
113  if (!av_strcasecmp(state->digest_params.stale, "true"))
114  state->stale = 1;
115  }
116  } else if (!strcmp(key, "Authentication-Info")) {
118  state);
119  }
120 }
121 
122 
123 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
124 {
125  va_list vl;
126 
127  va_start(vl, md5ctx);
128  while (1) {
129  const char* str = va_arg(vl, const char*);
130  if (!str)
131  break;
132  av_md5_update(md5ctx, str, strlen(str));
133  }
134  va_end(vl);
135 }
136 
137 /* Generate a digest reply, according to RFC 2617. */
138 static char *make_digest_auth(HTTPAuthState *state, const char *username,
139  const char *password, const char *uri,
140  const char *method)
141 {
142  DigestParams *digest = &state->digest_params;
143  int len;
144  uint32_t cnonce_buf[2];
145  char cnonce[17];
146  char nc[9];
147  int i;
148  char A1hash[33], A2hash[33], response[33];
149  struct AVMD5 *md5ctx;
150  uint8_t hash[16];
151  char *authstr;
152 
153  digest->nc++;
154  snprintf(nc, sizeof(nc), "%08x", digest->nc);
155 
156  /* Generate a client nonce. */
157  for (i = 0; i < 2; i++)
158  cnonce_buf[i] = av_get_random_seed();
159  ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
160  cnonce[2*sizeof(cnonce_buf)] = 0;
161 
162  md5ctx = av_md5_alloc();
163  if (!md5ctx)
164  return NULL;
165 
166  av_md5_init(md5ctx);
167  update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
168  av_md5_final(md5ctx, hash);
169  ff_data_to_hex(A1hash, hash, 16, 1);
170  A1hash[32] = 0;
171 
172  if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
173  } else if (!strcmp(digest->algorithm, "MD5-sess")) {
174  av_md5_init(md5ctx);
175  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
176  av_md5_final(md5ctx, hash);
177  ff_data_to_hex(A1hash, hash, 16, 1);
178  A1hash[32] = 0;
179  } else {
180  /* Unsupported algorithm */
181  av_free(md5ctx);
182  return NULL;
183  }
184 
185  av_md5_init(md5ctx);
186  update_md5_strings(md5ctx, method, ":", uri, NULL);
187  av_md5_final(md5ctx, hash);
188  ff_data_to_hex(A2hash, hash, 16, 1);
189  A2hash[32] = 0;
190 
191  av_md5_init(md5ctx);
192  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
193  if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
194  update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
195  }
196  update_md5_strings(md5ctx, ":", A2hash, NULL);
197  av_md5_final(md5ctx, hash);
198  ff_data_to_hex(response, hash, 16, 1);
199  response[32] = 0;
200 
201  av_free(md5ctx);
202 
203  if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
204  } else if (!strcmp(digest->qop, "auth-int")) {
205  /* qop=auth-int not supported */
206  return NULL;
207  } else {
208  /* Unsupported qop value. */
209  return NULL;
210  }
211 
212  len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
213  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
214  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
215  strlen(nc) + 150;
216 
217  authstr = av_malloc(len);
218  if (!authstr)
219  return NULL;
220  snprintf(authstr, len, "Authorization: Digest ");
221 
222  /* TODO: Escape the quoted strings properly. */
223  av_strlcatf(authstr, len, "username=\"%s\"", username);
224  av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
225  av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
226  av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
227  av_strlcatf(authstr, len, ",response=\"%s\"", response);
228  if (digest->algorithm[0])
229  av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
230  if (digest->opaque[0])
231  av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
232  if (digest->qop[0]) {
233  av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
234  av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
235  av_strlcatf(authstr, len, ",nc=%s", nc);
236  }
237 
238  av_strlcatf(authstr, len, "\r\n");
239 
240  return authstr;
241 }
242 
244  const char *path, const char *method)
245 {
246  char *authstr = NULL;
247 
248  /* Clear the stale flag, we assume the auth is ok now. It is reset
249  * by the server headers if there's a new issue. */
250  state->stale = 0;
251  if (!auth || !strchr(auth, ':'))
252  return NULL;
253 
254  if (state->auth_type == HTTP_AUTH_BASIC) {
255  int auth_b64_len, len;
256  char *ptr, *decoded_auth = ff_urldecode(auth);
257 
258  if (!decoded_auth)
259  return NULL;
260 
261  auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
262  len = auth_b64_len + 30;
263 
264  authstr = av_malloc(len);
265  if (!authstr) {
266  av_free(decoded_auth);
267  return NULL;
268  }
269 
270  snprintf(authstr, len, "Authorization: Basic ");
271  ptr = authstr + strlen(authstr);
272  av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
273  av_strlcat(ptr, "\r\n", len - (ptr - authstr));
274  av_free(decoded_auth);
275  } else if (state->auth_type == HTTP_AUTH_DIGEST) {
276  char *username = ff_urldecode(auth), *password;
277 
278  if (!username)
279  return NULL;
280 
281  if ((password = strchr(username, ':'))) {
282  *password++ = 0;
283  authstr = make_digest_auth(state, username, password, path, method);
284  }
285  av_free(username);
286  }
287  return authstr;
288 }