mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
Add support for http digest authentication
Originally committed as revision 22667 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
parent
d8f9295753
commit
855e7732c6
@ -22,6 +22,9 @@
|
||||
#include "httpauth.h"
|
||||
#include "libavutil/base64.h"
|
||||
#include "libavutil/avstring.h"
|
||||
#include "internal.h"
|
||||
#include "libavutil/random_seed.h"
|
||||
#include "libavutil/md5.h"
|
||||
#include "avformat.h"
|
||||
#include <ctype.h>
|
||||
|
||||
@ -90,6 +93,53 @@ static void handle_basic_params(HTTPAuthState *state, const char *key,
|
||||
}
|
||||
}
|
||||
|
||||
static void handle_digest_params(HTTPAuthState *state, const char *key,
|
||||
int key_len, char **dest, int *dest_len)
|
||||
{
|
||||
DigestParams *digest = &state->digest_params;
|
||||
|
||||
if (!strncmp(key, "realm=", key_len)) {
|
||||
*dest = state->realm;
|
||||
*dest_len = sizeof(state->realm);
|
||||
} else if (!strncmp(key, "nonce=", key_len)) {
|
||||
*dest = digest->nonce;
|
||||
*dest_len = sizeof(digest->nonce);
|
||||
} else if (!strncmp(key, "opaque=", key_len)) {
|
||||
*dest = digest->opaque;
|
||||
*dest_len = sizeof(digest->opaque);
|
||||
} else if (!strncmp(key, "algorithm=", key_len)) {
|
||||
*dest = digest->algorithm;
|
||||
*dest_len = sizeof(digest->algorithm);
|
||||
} else if (!strncmp(key, "qop=", key_len)) {
|
||||
*dest = digest->qop;
|
||||
*dest_len = sizeof(digest->qop);
|
||||
}
|
||||
}
|
||||
|
||||
static void handle_digest_update(HTTPAuthState *state, const char *key,
|
||||
int key_len, char **dest, int *dest_len)
|
||||
{
|
||||
DigestParams *digest = &state->digest_params;
|
||||
|
||||
if (!strncmp(key, "nextnonce=", key_len)) {
|
||||
*dest = digest->nonce;
|
||||
*dest_len = sizeof(digest->nonce);
|
||||
}
|
||||
}
|
||||
|
||||
static void choose_qop(char *qop, int size)
|
||||
{
|
||||
char *ptr = strstr(qop, "auth");
|
||||
char *end = ptr + strlen("auth");
|
||||
|
||||
if (ptr && (!*end || isspace(*end) || *end == ',') &&
|
||||
(ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
|
||||
av_strlcpy(qop, "auth", size);
|
||||
} else {
|
||||
qop[0] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
|
||||
const char *value)
|
||||
{
|
||||
@ -103,10 +153,141 @@ void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
|
||||
state->auth_type = HTTP_AUTH_BASIC;
|
||||
state->realm[0] = 0;
|
||||
parse_key_value(p, handle_basic_params, state);
|
||||
} else if (av_stristart(value, "Digest ", &p) &&
|
||||
state->auth_type <= HTTP_AUTH_DIGEST) {
|
||||
state->auth_type = HTTP_AUTH_DIGEST;
|
||||
memset(&state->digest_params, 0, sizeof(DigestParams));
|
||||
state->realm[0] = 0;
|
||||
parse_key_value(p, handle_digest_params, state);
|
||||
choose_qop(state->digest_params.qop,
|
||||
sizeof(state->digest_params.qop));
|
||||
}
|
||||
} else if (!strcmp(key, "Authentication-Info")) {
|
||||
parse_key_value(value, handle_digest_update, state);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void update_md5_strings(struct AVMD5 *md5ctx, ...)
|
||||
{
|
||||
va_list vl;
|
||||
|
||||
va_start(vl, md5ctx);
|
||||
while (1) {
|
||||
const char* str = va_arg(vl, const char*);
|
||||
if (!str)
|
||||
break;
|
||||
av_md5_update(md5ctx, str, strlen(str));
|
||||
}
|
||||
va_end(vl);
|
||||
}
|
||||
|
||||
/* Generate a digest reply, according to RFC 2617. */
|
||||
static char *make_digest_auth(HTTPAuthState *state, const char *username,
|
||||
const char *password, const char *uri,
|
||||
const char *method)
|
||||
{
|
||||
DigestParams *digest = &state->digest_params;
|
||||
int len;
|
||||
uint32_t cnonce_buf[2];
|
||||
char cnonce[9];
|
||||
char nc[9];
|
||||
int i;
|
||||
char A1hash[33], A2hash[33], response[33];
|
||||
struct AVMD5 *md5ctx;
|
||||
uint8_t hash[16];
|
||||
char *authstr;
|
||||
|
||||
digest->nc++;
|
||||
snprintf(nc, sizeof(nc), "%08x", digest->nc);
|
||||
|
||||
/* Generate a client nonce. */
|
||||
for (i = 0; i < 2; i++)
|
||||
cnonce_buf[i] = ff_random_get_seed();
|
||||
ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
|
||||
cnonce[2*sizeof(cnonce_buf)] = 0;
|
||||
|
||||
md5ctx = av_malloc(av_md5_size);
|
||||
if (!md5ctx)
|
||||
return NULL;
|
||||
|
||||
av_md5_init(md5ctx);
|
||||
update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
|
||||
av_md5_final(md5ctx, hash);
|
||||
ff_data_to_hex(A1hash, hash, 16, 1);
|
||||
A1hash[32] = 0;
|
||||
|
||||
if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
|
||||
} else if (!strcmp(digest->algorithm, "MD5-sess")) {
|
||||
av_md5_init(md5ctx);
|
||||
update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
|
||||
av_md5_final(md5ctx, hash);
|
||||
ff_data_to_hex(A1hash, hash, 16, 1);
|
||||
A1hash[32] = 0;
|
||||
} else {
|
||||
/* Unsupported algorithm */
|
||||
av_free(md5ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
av_md5_init(md5ctx);
|
||||
update_md5_strings(md5ctx, method, ":", uri, NULL);
|
||||
av_md5_final(md5ctx, hash);
|
||||
ff_data_to_hex(A2hash, hash, 16, 1);
|
||||
A2hash[32] = 0;
|
||||
|
||||
av_md5_init(md5ctx);
|
||||
update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
|
||||
if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
|
||||
update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
|
||||
}
|
||||
update_md5_strings(md5ctx, ":", A2hash, NULL);
|
||||
av_md5_final(md5ctx, hash);
|
||||
ff_data_to_hex(response, hash, 16, 1);
|
||||
response[32] = 0;
|
||||
|
||||
av_free(md5ctx);
|
||||
|
||||
if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
|
||||
} else if (!strcmp(digest->qop, "auth-int")) {
|
||||
/* qop=auth-int not supported */
|
||||
return NULL;
|
||||
} else {
|
||||
/* Unsupported qop value. */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
|
||||
strlen(uri) + strlen(response) + strlen(digest->algorithm) +
|
||||
strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
|
||||
strlen(nc) + 150;
|
||||
|
||||
authstr = av_malloc(len);
|
||||
if (!authstr)
|
||||
return NULL;
|
||||
snprintf(authstr, len, "Authorization: Digest ");
|
||||
|
||||
/* TODO: Escape the quoted strings properly. */
|
||||
av_strlcatf(authstr, len, "username=\"%s\"", username);
|
||||
av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
|
||||
av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
|
||||
av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
|
||||
av_strlcatf(authstr, len, ",response=\"%s\"", response);
|
||||
if (digest->algorithm[0])
|
||||
av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
|
||||
if (digest->opaque[0])
|
||||
av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
|
||||
if (digest->qop[0]) {
|
||||
av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
|
||||
av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
|
||||
av_strlcatf(authstr, len, ",nc=%s", nc);
|
||||
}
|
||||
|
||||
av_strlcatf(authstr, len, "\r\n");
|
||||
|
||||
return authstr;
|
||||
}
|
||||
|
||||
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
|
||||
const char *path, const char *method)
|
||||
{
|
||||
@ -126,6 +307,17 @@ char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
|
||||
ptr = authstr + strlen(authstr);
|
||||
av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
|
||||
av_strlcat(ptr, "\r\n", len);
|
||||
} else if (state->auth_type == HTTP_AUTH_DIGEST) {
|
||||
char *username = av_strdup(auth), *password;
|
||||
|
||||
if (!username)
|
||||
return NULL;
|
||||
|
||||
if ((password = strchr(username, ':'))) {
|
||||
*password++ = 0;
|
||||
authstr = make_digest_auth(state, username, password, path, method);
|
||||
}
|
||||
av_free(username);
|
||||
}
|
||||
return authstr;
|
||||
}
|
||||
|
@ -29,8 +29,22 @@ typedef enum HTTPAuthType {
|
||||
HTTP_AUTH_NONE = 0, /**< No authentication specified */
|
||||
HTTP_AUTH_BASIC, /**< HTTP 1.0 Basic auth from RFC 1945
|
||||
* (also in RFC 2617) */
|
||||
HTTP_AUTH_DIGEST, /**< HTTP 1.1 Digest auth from RFC 2617 */
|
||||
} HTTPAuthType;
|
||||
|
||||
typedef struct {
|
||||
char nonce[300]; /**< Server specified nonce */
|
||||
char algorithm[10]; /**< Server specified digest algorithm */
|
||||
char qop[30]; /**< Quality of protection, containing the one
|
||||
* that we've chosen to use, from the
|
||||
* alternatives that the server offered. */
|
||||
char opaque[300]; /**< A server-specified string that should be
|
||||
* included in authentication responses, not
|
||||
* included in the actual digest calculation. */
|
||||
int nc; /**< Nonce count, the number of earlier replies
|
||||
* where this particular nonce has been used. */
|
||||
} DigestParams;
|
||||
|
||||
/**
|
||||
* HTTP Authentication state structure. Must be zero-initialized
|
||||
* before used with the functions below.
|
||||
@ -44,6 +58,10 @@ typedef struct {
|
||||
* Authentication realm
|
||||
*/
|
||||
char realm[200];
|
||||
/**
|
||||
* The parameters specifiec to digest authentication.
|
||||
*/
|
||||
DigestParams digest_params;
|
||||
} HTTPAuthState;
|
||||
|
||||
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
|
||||
|
Loading…
Reference in New Issue
Block a user