httpauth.c
Go to the documentation of this file.
1 /*
2  * HTTP authentication
3  * Copyright (c) 2010 Martin Storsjo
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include "httpauth.h"
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
25 #include "internal.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "urldecode.h"
29 #include "avformat.h"
30 
31 static void handle_basic_params(HTTPAuthState *state, const char *key,
32  int key_len, char **dest, int *dest_len)
33 {
34  if (!strncmp(key, "realm=", key_len)) {
35  *dest = state->realm;
36  *dest_len = sizeof(state->realm);
37  }
38 }
39 
40 static void handle_digest_params(HTTPAuthState *state, const char *key,
41  int key_len, char **dest, int *dest_len)
42 {
43  DigestParams *digest = &state->digest_params;
44 
45  if (!strncmp(key, "realm=", key_len)) {
46  *dest = state->realm;
47  *dest_len = sizeof(state->realm);
48  } else if (!strncmp(key, "nonce=", key_len)) {
49  *dest = digest->nonce;
50  *dest_len = sizeof(digest->nonce);
51  } else if (!strncmp(key, "opaque=", key_len)) {
52  *dest = digest->opaque;
53  *dest_len = sizeof(digest->opaque);
54  } else if (!strncmp(key, "algorithm=", key_len)) {
55  *dest = digest->algorithm;
56  *dest_len = sizeof(digest->algorithm);
57  } else if (!strncmp(key, "qop=", key_len)) {
58  *dest = digest->qop;
59  *dest_len = sizeof(digest->qop);
60  } else if (!strncmp(key, "stale=", key_len)) {
61  *dest = digest->stale;
62  *dest_len = sizeof(digest->stale);
63  }
64 }
65 
66 static void handle_digest_update(HTTPAuthState *state, const char *key,
67  int key_len, char **dest, int *dest_len)
68 {
69  DigestParams *digest = &state->digest_params;
70 
71  if (!strncmp(key, "nextnonce=", key_len)) {
72  *dest = digest->nonce;
73  *dest_len = sizeof(digest->nonce);
74  }
75 }
76 
77 static void choose_qop(char *qop, int size)
78 {
79  char *ptr = strstr(qop, "auth");
80  char *end = ptr + strlen("auth");
81 
82  if (ptr && (!*end || av_isspace(*end) || *end == ',') &&
83  (ptr == qop || av_isspace(ptr[-1]) || ptr[-1] == ',')) {
84  av_strlcpy(qop, "auth", size);
85  } else {
86  qop[0] = 0;
87  }
88 }
89 
91  const char *value)
92 {
93  if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {
94  const char *p;
95  if (av_stristart(value, "Basic ", &p) &&
96  state->auth_type <= HTTP_AUTH_BASIC) {
97  state->auth_type = HTTP_AUTH_BASIC;
98  state->realm[0] = 0;
99  state->stale = 0;
101  state);
102  } else if (av_stristart(value, "Digest ", &p) &&
103  state->auth_type <= HTTP_AUTH_DIGEST) {
104  state->auth_type = HTTP_AUTH_DIGEST;
105  memset(&state->digest_params, 0, sizeof(DigestParams));
106  state->realm[0] = 0;
107  state->stale = 0;
109  state);
111  sizeof(state->digest_params.qop));
112  if (!av_strcasecmp(state->digest_params.stale, "true"))
113  state->stale = 1;
114  }
115  } else if (!strcmp(key, "Authentication-Info")) {
117  state);
118  }
119 }
120 
121 
122 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
123 {
124  va_list vl;
125 
126  va_start(vl, md5ctx);
127  while (1) {
128  const char* str = va_arg(vl, const char*);
129  if (!str)
130  break;
131  av_md5_update(md5ctx, str, strlen(str));
132  }
133  va_end(vl);
134 }
135 
136 /* Generate a digest reply, according to RFC 2617. */
137 static char *make_digest_auth(HTTPAuthState *state, const char *username,
138  const char *password, const char *uri,
139  const char *method)
140 {
141  DigestParams *digest = &state->digest_params;
142  int len;
143  uint32_t cnonce_buf[2];
144  char cnonce[17];
145  char nc[9];
146  int i;
147  char A1hash[33], A2hash[33], response[33];
148  struct AVMD5 *md5ctx;
149  uint8_t hash[16];
150  char *authstr;
151 
152  digest->nc++;
153  snprintf(nc, sizeof(nc), "%08x", digest->nc);
154 
155  /* Generate a client nonce. */
156  for (i = 0; i < 2; i++)
157  cnonce_buf[i] = av_get_random_seed();
158  ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
159  cnonce[2*sizeof(cnonce_buf)] = 0;
160 
161  md5ctx = av_md5_alloc();
162  if (!md5ctx)
163  return NULL;
164 
165  av_md5_init(md5ctx);
166  update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
167  av_md5_final(md5ctx, hash);
168  ff_data_to_hex(A1hash, hash, 16, 1);
169  A1hash[32] = 0;
170 
171  if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
172  } else if (!strcmp(digest->algorithm, "MD5-sess")) {
173  av_md5_init(md5ctx);
174  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
175  av_md5_final(md5ctx, hash);
176  ff_data_to_hex(A1hash, hash, 16, 1);
177  A1hash[32] = 0;
178  } else {
179  /* Unsupported algorithm */
180  av_free(md5ctx);
181  return NULL;
182  }
183 
184  av_md5_init(md5ctx);
185  update_md5_strings(md5ctx, method, ":", uri, NULL);
186  av_md5_final(md5ctx, hash);
187  ff_data_to_hex(A2hash, hash, 16, 1);
188  A2hash[32] = 0;
189 
190  av_md5_init(md5ctx);
191  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
192  if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
193  update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
194  }
195  update_md5_strings(md5ctx, ":", A2hash, NULL);
196  av_md5_final(md5ctx, hash);
197  ff_data_to_hex(response, hash, 16, 1);
198  response[32] = 0;
199 
200  av_free(md5ctx);
201 
202  if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
203  } else if (!strcmp(digest->qop, "auth-int")) {
204  /* qop=auth-int not supported */
205  return NULL;
206  } else {
207  /* Unsupported qop value. */
208  return NULL;
209  }
210 
211  len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
212  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
213  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
214  strlen(nc) + 150;
215 
216  authstr = av_malloc(len);
217  if (!authstr)
218  return NULL;
219  snprintf(authstr, len, "Authorization: Digest ");
220 
221  /* TODO: Escape the quoted strings properly. */
222  av_strlcatf(authstr, len, "username=\"%s\"", username);
223  av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
224  av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
225  av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
226  av_strlcatf(authstr, len, ",response=\"%s\"", response);
227  if (digest->algorithm[0])
228  av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
229  if (digest->opaque[0])
230  av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
231  if (digest->qop[0]) {
232  av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
233  av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
234  av_strlcatf(authstr, len, ",nc=%s", nc);
235  }
236 
237  av_strlcatf(authstr, len, "\r\n");
238 
239  return authstr;
240 }
241 
243  const char *path, const char *method)
244 {
245  char *authstr = NULL;
246 
247  /* Clear the stale flag, we assume the auth is ok now. It is reset
248  * by the server headers if there's a new issue. */
249  state->stale = 0;
250  if (!auth || !strchr(auth, ':'))
251  return NULL;
252 
253  if (state->auth_type == HTTP_AUTH_BASIC) {
254  int auth_b64_len, len;
255  char *ptr, *decoded_auth = ff_urldecode(auth);
256 
257  if (!decoded_auth)
258  return NULL;
259 
260  auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
261  len = auth_b64_len + 30;
262 
263  authstr = av_malloc(len);
264  if (!authstr) {
265  av_free(decoded_auth);
266  return NULL;
267  }
268 
269  snprintf(authstr, len, "Authorization: Basic ");
270  ptr = authstr + strlen(authstr);
271  av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
272  av_strlcat(ptr, "\r\n", len - (ptr - authstr));
273  av_free(decoded_auth);
274  } else if (state->auth_type == HTTP_AUTH_DIGEST) {
275  char *username = ff_urldecode(auth), *password;
276 
277  if (!username)
278  return NULL;
279 
280  if ((password = strchr(username, ':'))) {
281  *password++ = 0;
282  authstr = make_digest_auth(state, username, password, path, method);
283  }
284  av_free(username);
285  }
286  return authstr;
287 }
char algorithm[10]
Server specified digest algorithm.
Definition: httpauth.h:37
static int hash(int head, const int add)
Hash function adding character.
Definition: lzwenc.c:74
static void handle_basic_params(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:31
HTTP Authentication state structure.
Definition: httpauth.h:55
int av_stristart(const char *str, const char *pfx, const char **ptr)
Return non-zero if pfx is a prefix of str independent of case.
Definition: avstring.c:44
struct AVMD5 * av_md5_alloc(void)
Definition: md5.c:47
uint8_t
end end
char opaque[300]
A server-specified string that should be included in authentication responses, not included in the ac...
Definition: httpauth.h:41
HTTP 1.0 Basic auth from RFC 1945 (also in RFC 2617)
Definition: httpauth.h:30
Definition: md5.c:39
static void choose_qop(char *qop, int size)
Definition: httpauth.c:77
void av_md5_update(AVMD5 *ctx, const uint8_t *src, const int len)
Definition: md5.c:142
void av_free(void *ptr)
Free a memory block which has been allocated with av_malloc(z)() or av_realloc(). ...
Definition: mem.c:183
string username
Definition: lastfm_tags.py:48
int av_isspace(int c)
Locale-independent conversion of ASCII isspace.
Definition: avstring.c:298
char * av_base64_encode(char *out, int out_size, const uint8_t *in, int in_size)
Encode data to base64 and null-terminate.
size_t av_strlcpy(char *dst, const char *src, size_t size)
Copy the string src to dst, but no more than size - 1 bytes, and null-terminate dst.
Definition: avstring.c:82
int size
#define AV_BASE64_SIZE(x)
Calculate the output size needed to base64-encode x bytes to a null-terminated string.
Definition: base64.h:61
void(* ff_parse_key_val_cb)(void *context, const char *key, int key_len, char **dest, int *dest_len)
Callback function type for ff_parse_key_value.
int av_strcasecmp(const char *a, const char *b)
Locale-independent case-insensitive compare.
Definition: avstring.c:212
static char * make_digest_auth(HTTPAuthState *state, const char *username, const char *password, const char *uri, const char *method)
Definition: httpauth.c:137
int stale
Auth ok, but needs to be resent with a new nonce.
Definition: httpauth.h:71
static void handle_digest_params(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:40
NULL
Definition: eval.c:55
dest
Definition: start.py:60
char realm[200]
Authentication realm.
Definition: httpauth.h:63
void av_md5_init(AVMD5 *ctx)
Definition: md5.c:132
double value
Definition: eval.c:82
void * av_malloc(size_t size)
Allocate a block of size bytes with alignment suitable for all memory accesses (including vectors if ...
Definition: mem.c:73
HTTP 1.1 Digest auth from RFC 2617.
Definition: httpauth.h:32
synthesis window for stochastic i
char qop[30]
Quality of protection, containing the one that we&#39;ve chosen to use, from the alternatives that the se...
Definition: httpauth.h:38
size_t av_strlcatf(char *dst, size_t size, const char *fmt,...)
Definition: avstring.c:100
#define snprintf
Definition: snprintf.h:34
void av_md5_final(AVMD5 *ctx, uint8_t *dst)
Definition: md5.c:158
char * ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method)
Definition: httpauth.c:242
size_t av_strlcat(char *dst, const char *src, size_t size)
Append the string src to the string dst, but to a total length of no more than size - 1 bytes...
Definition: avstring.c:92
static uint32_t state
Definition: trasher.c:27
void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, void *context)
Parse a string with comma-separated key=value pairs.
Main libavformat public API header.
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, const char *value)
Definition: httpauth.c:90
static void handle_digest_update(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:66
int len
char nonce[300]
Server specified nonce.
Definition: httpauth.h:36
DigestParams digest_params
The parameters specifiec to digest authentication.
Definition: httpauth.h:67
HTTPAuthType auth_type
The currently chosen auth type.
Definition: httpauth.h:59
int nc
Nonce count, the number of earlier replies where this particular nonce has been used.
Definition: httpauth.h:47
uint32_t av_get_random_seed(void)
Get a seed to use in conjunction with random functions.
Definition: random_seed.c:105
char stale[10]
The server indicated that the auth was ok, but needs to be redone with a new, non-stale nonce...
Definition: httpauth.h:44
char * ff_data_to_hex(char *buf, const uint8_t *src, int size, int lowercase)
static void update_md5_strings(struct AVMD5 *md5ctx,...)
Definition: httpauth.c:122
char * ff_urldecode(const char *url)
Decodes an URL from its percent-encoded form back into normal representation.
Definition: urldecode.c:35