httpauth.c
Go to the documentation of this file.
1 /*
2  * HTTP authentication
3  * Copyright (c) 2010 Martin Storsjo
4  *
5  * This file is part of Libav.
6  *
7  * Libav is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * Libav is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with Libav; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include "httpauth.h"
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
25 #include "internal.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "avformat.h"
29 #include <ctype.h>
30 
31 static void handle_basic_params(HTTPAuthState *state, const char *key,
32  int key_len, char **dest, int *dest_len)
33 {
34  if (!strncmp(key, "realm=", key_len)) {
35  *dest = state->realm;
36  *dest_len = sizeof(state->realm);
37  }
38 }
39 
40 static void handle_digest_params(HTTPAuthState *state, const char *key,
41  int key_len, char **dest, int *dest_len)
42 {
43  DigestParams *digest = &state->digest_params;
44 
45  if (!strncmp(key, "realm=", key_len)) {
46  *dest = state->realm;
47  *dest_len = sizeof(state->realm);
48  } else if (!strncmp(key, "nonce=", key_len)) {
49  *dest = digest->nonce;
50  *dest_len = sizeof(digest->nonce);
51  } else if (!strncmp(key, "opaque=", key_len)) {
52  *dest = digest->opaque;
53  *dest_len = sizeof(digest->opaque);
54  } else if (!strncmp(key, "algorithm=", key_len)) {
55  *dest = digest->algorithm;
56  *dest_len = sizeof(digest->algorithm);
57  } else if (!strncmp(key, "qop=", key_len)) {
58  *dest = digest->qop;
59  *dest_len = sizeof(digest->qop);
60  }
61 }
62 
63 static void handle_digest_update(HTTPAuthState *state, const char *key,
64  int key_len, char **dest, int *dest_len)
65 {
66  DigestParams *digest = &state->digest_params;
67 
68  if (!strncmp(key, "nextnonce=", key_len)) {
69  *dest = digest->nonce;
70  *dest_len = sizeof(digest->nonce);
71  }
72 }
73 
74 static void choose_qop(char *qop, int size)
75 {
76  char *ptr = strstr(qop, "auth");
77  char *end = ptr + strlen("auth");
78 
79  if (ptr && (!*end || isspace(*end) || *end == ',') &&
80  (ptr == qop || isspace(ptr[-1]) || ptr[-1] == ',')) {
81  av_strlcpy(qop, "auth", size);
82  } else {
83  qop[0] = 0;
84  }
85 }
86 
88  const char *value)
89 {
90  if (!strcmp(key, "WWW-Authenticate") || !strcmp(key, "Proxy-Authenticate")) {
91  const char *p;
92  if (av_stristart(value, "Basic ", &p) &&
93  state->auth_type <= HTTP_AUTH_BASIC) {
94  state->auth_type = HTTP_AUTH_BASIC;
95  state->realm[0] = 0;
97  state);
98  } else if (av_stristart(value, "Digest ", &p) &&
99  state->auth_type <= HTTP_AUTH_DIGEST) {
100  state->auth_type = HTTP_AUTH_DIGEST;
101  memset(&state->digest_params, 0, sizeof(DigestParams));
102  state->realm[0] = 0;
104  state);
106  sizeof(state->digest_params.qop));
107  }
108  } else if (!strcmp(key, "Authentication-Info")) {
110  state);
111  }
112 }
113 
114 
115 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
116 {
117  va_list vl;
118 
119  va_start(vl, md5ctx);
120  while (1) {
121  const char* str = va_arg(vl, const char*);
122  if (!str)
123  break;
124  av_md5_update(md5ctx, str, strlen(str));
125  }
126  va_end(vl);
127 }
128 
129 /* Generate a digest reply, according to RFC 2617. */
130 static char *make_digest_auth(HTTPAuthState *state, const char *username,
131  const char *password, const char *uri,
132  const char *method)
133 {
134  DigestParams *digest = &state->digest_params;
135  int len;
136  uint32_t cnonce_buf[2];
137  char cnonce[17];
138  char nc[9];
139  int i;
140  char A1hash[33], A2hash[33], response[33];
141  struct AVMD5 *md5ctx;
142  uint8_t hash[16];
143  char *authstr;
144 
145  digest->nc++;
146  snprintf(nc, sizeof(nc), "%08x", digest->nc);
147 
148  /* Generate a client nonce. */
149  for (i = 0; i < 2; i++)
150  cnonce_buf[i] = av_get_random_seed();
151  ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
152  cnonce[2*sizeof(cnonce_buf)] = 0;
153 
154  md5ctx = av_malloc(av_md5_size);
155  if (!md5ctx)
156  return NULL;
157 
158  av_md5_init(md5ctx);
159  update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
160  av_md5_final(md5ctx, hash);
161  ff_data_to_hex(A1hash, hash, 16, 1);
162  A1hash[32] = 0;
163 
164  if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
165  } else if (!strcmp(digest->algorithm, "MD5-sess")) {
166  av_md5_init(md5ctx);
167  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
168  av_md5_final(md5ctx, hash);
169  ff_data_to_hex(A1hash, hash, 16, 1);
170  A1hash[32] = 0;
171  } else {
172  /* Unsupported algorithm */
173  av_free(md5ctx);
174  return NULL;
175  }
176 
177  av_md5_init(md5ctx);
178  update_md5_strings(md5ctx, method, ":", uri, NULL);
179  av_md5_final(md5ctx, hash);
180  ff_data_to_hex(A2hash, hash, 16, 1);
181  A2hash[32] = 0;
182 
183  av_md5_init(md5ctx);
184  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
185  if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
186  update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
187  }
188  update_md5_strings(md5ctx, ":", A2hash, NULL);
189  av_md5_final(md5ctx, hash);
190  ff_data_to_hex(response, hash, 16, 1);
191  response[32] = 0;
192 
193  av_free(md5ctx);
194 
195  if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
196  } else if (!strcmp(digest->qop, "auth-int")) {
197  /* qop=auth-int not supported */
198  return NULL;
199  } else {
200  /* Unsupported qop value. */
201  return NULL;
202  }
203 
204  len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
205  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
206  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
207  strlen(nc) + 150;
208 
209  authstr = av_malloc(len);
210  if (!authstr)
211  return NULL;
212  snprintf(authstr, len, "Authorization: Digest ");
213 
214  /* TODO: Escape the quoted strings properly. */
215  av_strlcatf(authstr, len, "username=\"%s\"", username);
216  av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
217  av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
218  av_strlcatf(authstr, len, ",uri=\"%s\"", uri);
219  av_strlcatf(authstr, len, ",response=\"%s\"", response);
220  if (digest->algorithm[0])
221  av_strlcatf(authstr, len, ",algorithm=%s", digest->algorithm);
222  if (digest->opaque[0])
223  av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
224  if (digest->qop[0]) {
225  av_strlcatf(authstr, len, ",qop=\"%s\"", digest->qop);
226  av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
227  av_strlcatf(authstr, len, ",nc=%s", nc);
228  }
229 
230  av_strlcatf(authstr, len, "\r\n");
231 
232  return authstr;
233 }
234 
236  const char *path, const char *method)
237 {
238  char *authstr = NULL;
239 
240  if (!auth || !strchr(auth, ':'))
241  return NULL;
242 
243  if (state->auth_type == HTTP_AUTH_BASIC) {
244  int auth_b64_len = AV_BASE64_SIZE(strlen(auth));
245  int len = auth_b64_len + 30;
246  char *ptr;
247  authstr = av_malloc(len);
248  if (!authstr)
249  return NULL;
250  snprintf(authstr, len, "Authorization: Basic ");
251  ptr = authstr + strlen(authstr);
252  av_base64_encode(ptr, auth_b64_len, auth, strlen(auth));
253  av_strlcat(ptr, "\r\n", len - (ptr - authstr));
254  } else if (state->auth_type == HTTP_AUTH_DIGEST) {
255  char *username = av_strdup(auth), *password;
256 
257  if (!username)
258  return NULL;
259 
260  if ((password = strchr(username, ':'))) {
261  *password++ = 0;
262  authstr = make_digest_auth(state, username, password, path, method);
263  }
264  av_free(username);
265  }
266  return authstr;
267 }
268