3
* Copyright (c) 2010 Martin Storsjo
5
* This file is part of FFmpeg.
7
* FFmpeg is free software; you can redistribute it and/or
8
* modify it under the terms of the GNU Lesser General Public
9
* License as published by the Free Software Foundation; either
10
* version 2.1 of the License, or (at your option) any later version.
12
* FFmpeg is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15
* Lesser General Public License for more details.
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with FFmpeg; if not, write to the Free Software
19
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23
#include "libavutil/base64.h"
24
#include "libavutil/avstring.h"
26
#include "libavutil/random_seed.h"
27
#include "libavutil/md5.h"
31
static void parse_key_value(const char *params,
32
void (*callback_get_buf)(HTTPAuthState *state,
33
const char *key, int key_len,
34
char **dest, int *dest_len), HTTPAuthState *state)
36
const char *ptr = params;
38
/* Parse key=value pairs. */
41
char *dest = NULL, *dest_end;
42
int key_len, dest_len = 0;
44
/* Skip whitespace and potential commas. */
45
while (*ptr && (isspace(*ptr) || *ptr == ','))
52
if (!(ptr = strchr(key, '=')))
57
callback_get_buf(state, key, key_len, &dest, &dest_len);
58
dest_end = dest + dest_len - 1;
62
while (*ptr && *ptr != '\"') {
66
if (dest && dest < dest_end)
70
if (dest && dest < dest_end)
78
for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++)
79
if (dest && dest < dest_end)
87
static void handle_basic_params(HTTPAuthState *state, const char *key,
88
int key_len, char **dest, int *dest_len)
90
if (!strncmp(key, "realm=", key_len)) {
92
*dest_len = sizeof(state->realm);
96
static void handle_digest_params(HTTPAuthState *state, const char *key,
97
int key_len, char **dest, int *dest_len)
99
DigestParams *digest = &state->digest_params;
101
if (!strncmp(key, "realm=", key_len)) {
102
*dest = state->realm;
103
*dest_len = sizeof(state->realm);
104
} else if (!strncmp(key, "nonce=", key_len)) {
105
*dest = digest->nonce;
106
*dest_len = sizeof(digest->nonce);
107
} else if (!strncmp(key, "opaque=", key_len)) {
108
*dest = digest->opaque;
109
*dest_len = sizeof(digest->opaque);
110
} else if (!strncmp(key, "algorithm=", key_len)) {
111
*dest = digest->algorithm;
112
*dest_len = sizeof(digest->algorithm);
113
} else if (!strncmp(key, "qop=", key_len)) {
115
*dest_len = sizeof(digest->qop);
119
static void handle_digest_update(HTTPAuthState *state, const char *key,
120
int key_len, char **dest, int *dest_len)
122
DigestParams *digest = &state->digest_params;
124
if (!strncmp(key, "nextnonce=", key_len)) {
125
*dest = digest->nonce;
126
*dest_len = sizeof(digest->nonce);
130
static void choose_qop(char *qop, int size)
132
char *ptr = strstr(qop, "auth");
133
char *end = ptr + strlen("auth");
135
if (ptr && (!*end || isspace(*end) || *end == ',') &&
136
(ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
137
av_strlcpy(qop, "auth", size);
143
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
146
if (!strcmp(key, "WWW-Authenticate")) {
148
if (av_stristart(value, "Basic ", &p) &&
149
state->auth_type <= HTTP_AUTH_BASIC) {
150
state->auth_type = HTTP_AUTH_BASIC;
152
parse_key_value(p, handle_basic_params, state);
153
} else if (av_stristart(value, "Digest ", &p) &&
154
state->auth_type <= HTTP_AUTH_DIGEST) {
155
state->auth_type = HTTP_AUTH_DIGEST;
156
memset(&state->digest_params, 0, sizeof(DigestParams));
158
parse_key_value(p, handle_digest_params, state);
159
choose_qop(state->digest_params.qop,
160
sizeof(state->digest_params.qop));
162
} else if (!strcmp(key, "Authentication-Info")) {
163
parse_key_value(value, handle_digest_update, state);
168
static void update_md5_strings(struct AVMD5 *md5ctx, ...)
172
va_start(vl, md5ctx);
174
const char* str = va_arg(vl, const char*);
177
av_md5_update(md5ctx, str, strlen(str));
182
/* Generate a digest reply, according to RFC 2617. */
183
static char *make_digest_auth(HTTPAuthState *state, const char *username,
184
const char *password, const char *uri,
187
DigestParams *digest = &state->digest_params;
189
uint32_t cnonce_buf[2];
193
char A1hash[33], A2hash[33], response[33];
194
struct AVMD5 *md5ctx;
199
snprintf(nc, sizeof(nc), "%08x", digest->nc);
201
/* Generate a client nonce. */
202
for (i = 0; i < 2; i++)
203
cnonce_buf[i] = ff_random_get_seed();
204
ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
205
cnonce[2*sizeof(cnonce_buf)] = 0;
207
md5ctx = av_malloc(av_md5_size);
212
update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
213
av_md5_final(md5ctx, hash);
214
ff_data_to_hex(A1hash, hash, 16, 1);
217
if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
218
} else if (!strcmp(digest->algorithm, "MD5-sess")) {
220
update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
221
av_md5_final(md5ctx, hash);
222
ff_data_to_hex(A1hash, hash, 16, 1);
225
/* Unsupported algorithm */
231
update_md5_strings(md5ctx, method, ":", uri, NULL);
232
av_md5_final(md5ctx, hash);
233
ff_data_to_hex(A2hash, hash, 16, 1);
237
update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
238
if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
239
update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
241
update_md5_strings(md5ctx, ":", A2hash, NULL);
242
av_md5_final(md5ctx, hash);
243
ff_data_to_hex(response, hash, 16, 1);
248
if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
249
} else if (!strcmp(digest->qop, "auth-int")) {
250
/* qop=auth-int not supported */
253
/* Unsupported qop value. */
257
len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
258
strlen(uri) + strlen(response) + strlen(digest->algorithm) +
259
strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
262
authstr = av_malloc(len);
265
snprintf(authstr, len, "Authorization: Digest ");
267
/* TODO: Escape the quoted strings properly. */
268
av_strlcatf(authstr, len, "username=\"%s\"", username);
269
av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
270
av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
271
av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
272
av_strlcatf(authstr, len, ",response=\"%s\"", response);
273
if (digest->algorithm[0])
274
av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
275
if (digest->opaque[0])
276
av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
277
if (digest->qop[0]) {
278
av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
279
av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
280
av_strlcatf(authstr, len, ",nc=%s", nc);
283
av_strlcatf(authstr, len, "\r\n");
288
char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
289
const char *path, const char *method)
291
char *authstr = NULL;
293
if (!auth || !strchr(auth, ':'))
296
if (state->auth_type == HTTP_AUTH_BASIC) {
297
int auth_b64_len = (strlen(auth) + 2) / 3 * 4 + 1;
298
int len = auth_b64_len + 30;
300
authstr = av_malloc(len);
303
snprintf(authstr, len, "Authorization: Basic ");
304
ptr = authstr + strlen(authstr);
305
av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
306
av_strlcat(ptr, "\r\n", len);
307
} else if (state->auth_type == HTTP_AUTH_DIGEST) {
308
char *username = av_strdup(auth), *password;
313
if ((password = strchr(username, ':'))) {
315
authstr = make_digest_auth(state, username, password, path, method);