/*****************************************************************************
* http_auth.c: HTTP authentication for clients as per RFC2617
*****************************************************************************
* Copyright (C) 2001-2008 VLC authors and VideoLAN
*
* Authors: Laurent Aimar <fenrir@via.ecp.fr>
* Christophe Massiot <massiot@via.ecp.fr>
* Rémi Denis-Courmont
* Antoine Cellerier <dionoea at videolan dot org>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
*****************************************************************************/
/*****************************************************************************
* Preamble
*****************************************************************************/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <vlc_common.h>
#include <vlc_http.h>
#include <vlc_md5.h>
#include <vlc_rand.h>
#include <vlc_strings.h>
#include "libvlc.h"
/*****************************************************************************
* "RFC 2617: Basic and Digest Access Authentication" header parsing
*****************************************************************************/
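/**
 * Extracts the value of a quoted parameter (name="value") from an RFC 2617
 * challenge or Authentication-Info parameter list.
 *
 * The header comes from the remote server, so the lookup is deliberately
 * strict about where a name may start: a hit is only accepted at the start of
 * the string or right after a space, tab or comma. A plain substring search
 * would let "nonce" match inside "cnonce" or "nextnonce".
 *
 * The value ends at the first double quote; backslash-escaped quotes inside
 * the value are not interpreted. If the closing quote is missing, the rest of
 * the string is returned.
 *
 * @param psz_header NUL-terminated parameter list to search
 * @param psz_param  parameter name, without '=' or quotes
 * @return heap-allocated copy of the value (caller frees), or NULL when the
 *         parameter is absent or the copy could not be allocated
 */
static char *AuthGetParam( const char *psz_header, const char *psz_param )
{
    const size_t i_name = strlen( psz_param );

    /* An empty name cannot be looked up (and would make the scan below step
     * past the terminator). */
    if ( i_name == 0 )
        return NULL;

    for ( const char *psz_hit = strstr( psz_header, psz_param );
          psz_hit != NULL;
          psz_hit = strstr( psz_hit + 1, psz_param ) )
    {
        /* Reject hits that are only the tail of a longer parameter name. */
        if ( psz_hit != psz_header &&
             psz_hit[-1] != ' ' && psz_hit[-1] != '\t' && psz_hit[-1] != ',' )
            continue;

        /* The name must be followed by =" ; the first test also stops us
         * from reading past the terminator. */
        if ( psz_hit[i_name] != '=' || psz_hit[i_name + 1] != '"' )
            continue;

        const char *psz_value = psz_hit + i_name + 2;
        const char *psz_end = strchr( psz_value, '"' );

        if ( !psz_end ) /* Invalid since we should have a closing quote */
            return strdup( psz_value );

        return strndup( psz_value, psz_end - psz_value );
    }

    return NULL;
}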
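/**
 * Extracts the value of an unquoted parameter (name=value) from an RFC 2617
 * challenge or Authentication-Info parameter list.
 *
 * The header comes from the remote server. As in AuthGetParam(), a name is
 * only accepted at the start of the string or right after a space, tab or
 * comma, so that e.g. "nc" does not match the tail of a longer name.
 *
 * The value runs up to the next comma (or the end of the string for the last
 * parameter); trailing spaces and tabs are dropped. The text is copied
 * verbatim otherwise, so a value the server chose to quote keeps its quotes.
 *
 * @param psz_header NUL-terminated parameter list to search
 * @param psz_param  parameter name, without '='
 * @return heap-allocated copy of the value (caller frees), or NULL when the
 *         parameter is absent or the copy could not be allocated
 */
static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param )
{
    const size_t i_name = strlen( psz_param );

    /* An empty name cannot be looked up (and would make the scan below step
     * past the terminator). */
    if ( i_name == 0 )
        return NULL;

    for ( const char *psz_hit = strstr( psz_header, psz_param );
          psz_hit != NULL;
          psz_hit = strstr( psz_hit + 1, psz_param ) )
    {
        /* Reject hits that are only the tail of a longer parameter name. */
        if ( psz_hit != psz_header &&
             psz_hit[-1] != ' ' && psz_hit[-1] != '\t' && psz_hit[-1] != ',' )
            continue;

        if ( psz_hit[i_name] != '=' )
            continue;

        const char *psz_value = psz_hit + i_name + 1;
        const char *psz_end = strchr( psz_value, ',' );

        if ( !psz_end ) /* Can be valid if this is the last parameter */
            psz_end = psz_value + strlen( psz_value );

        /* Whitespace between the value and the comma/end of line is not part
         * of the value; leaving it in would break the exact string
         * comparisons done on the result. */
        while ( psz_end > psz_value &&
                ( psz_end[-1] == ' ' || psz_end[-1] == '\t' ) )
            psz_end--;

        return strndup( psz_value, psz_end - psz_value );
    }

    return NULL;
}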
/**
 * Produces a new client nonce for Digest authentication.
 *
 * 32 bytes are taken from vlc_rand_bytes() and run through MD5; the string
 * returned by psz_md5_hash() is the nonce. How unpredictable the result is
 * depends entirely on vlc_rand_bytes(), which is not visible from here.
 *
 * @return heap-allocated nonce string (the caller frees it), or whatever
 *         psz_md5_hash() returns on failure
 */
static char *GenerateCnonce()
{
    struct md5_s hash;
    char entropy[32];

    vlc_rand_bytes( entropy, sizeof( entropy ) );

    /* MD5 only serves to turn the raw bytes into a printable token here. */
    InitMD5( &hash );
    AddMD5( &hash, entropy, sizeof( entropy ) );
    EndMD5( &hash );

    char *psz_cnonce = psz_md5_hash( &hash );
    return psz_cnonce;
}
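/**
 * Computes the RFC 2617 digest for a request and returns it as a string.
 *
 * H(A1) is MD5(username:realm:password), or a copy of the cached
 * p_auth->psz_HA1 when one is present. For algorithm "MD5-sess" the fresh
 * H(A1) is hashed again together with the nonce and the client nonce, and the
 * result is cached in p_auth->psz_HA1. H(A2) covers the method (skipped when
 * it is the empty string), the path ("/" when psz_path is NULL) and, for qop
 * "auth-int", the hash of an empty entity body.
 *
 * The realm, nonce and (where it is hashed) client nonce must be present in
 * p_auth; the function fails instead of dereferencing a missing one, since
 * these fields are filled from server-supplied headers.
 *
 * NOTE(review): MD5 is what RFC 2617 specifies. The cached H(A1) and the
 * value returned here are derived from the password; confirm that callers
 * keep them out of logs.
 *
 * @param psz_method   request method, "" to leave it out of H(A2); not NULL
 * @param psz_path     request URI, or NULL for "/"
 * @param psz_username user name; not NULL unless H(A1) is already cached
 * @param psz_password password; not NULL unless H(A1) is already cached
 * @return heap-allocated digest (caller frees), or NULL on a missing
 *         parameter or allocation failure
 */
static char *AuthDigest( vlc_object_t *p_this, vlc_http_auth_t *p_auth,
                         const char *psz_method, const char *psz_path,
                         const char *psz_username, const char *psz_password )
{
    char *psz_HA1 = NULL;
    char *psz_HA2 = NULL;
    char *psz_ent = NULL;
    char *psz_result = NULL;
    char psz_inonce[9];
    struct md5_s md5;
    struct md5_s ent;

    if ( p_auth->psz_realm == NULL )
    {
        msg_Warn( p_this, "Digest Authentication: "
                  "Mandatory 'realm' value not available" );
        goto error;
    }

    /* The nonce is hashed unconditionally further down. */
    if ( p_auth->psz_nonce == NULL )
    {
        msg_Warn( p_this, "Digest Authentication: "
                  "Mandatory 'nonce' value not available" );
        goto error;
    }

    /* H(A1) */
    if ( p_auth->psz_HA1 )
    {
        psz_HA1 = strdup( p_auth->psz_HA1 );
        if ( psz_HA1 == NULL )
            goto error;
    }
    else
    {
        InitMD5( &md5 );
        AddMD5( &md5, psz_username, strlen( psz_username ) );
        AddMD5( &md5, ":", 1 );
        AddMD5( &md5, p_auth->psz_realm, strlen( p_auth->psz_realm ) );
        AddMD5( &md5, ":", 1 );
        AddMD5( &md5, psz_password, strlen( psz_password ) );
        EndMD5( &md5 );

        psz_HA1 = psz_md5_hash( &md5 );
        if ( psz_HA1 == NULL )
            goto error;

        if ( p_auth->psz_algorithm &&
             strcmp( p_auth->psz_algorithm, "MD5-sess" ) == 0 )
        {
            /* The session key needs the client nonce. */
            if ( p_auth->psz_cnonce == NULL )
            {
                msg_Warn( p_this, "Digest Authentication: "
                          "client nonce not available" );
                goto error;
            }

            InitMD5( &md5 );
            AddMD5( &md5, psz_HA1, 32 );
            AddMD5( &md5, ":", 1 );
            AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
            AddMD5( &md5, ":", 1 );
            AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
            EndMD5( &md5 );

            free( psz_HA1 );

            psz_HA1 = psz_md5_hash( &md5 );
            if ( psz_HA1 == NULL )
                goto error;

            /* Cache the session key; later calls take the branch above. */
            p_auth->psz_HA1 = strdup( psz_HA1 );
            if ( p_auth->psz_HA1 == NULL )
                goto error;
        }
    }

    /* H(A2) */
    InitMD5( &md5 );
    if ( *psz_method )
        AddMD5( &md5, psz_method, strlen( psz_method ) );
    AddMD5( &md5, ":", 1 );
    if ( psz_path )
        AddMD5( &md5, psz_path, strlen( psz_path ) );
    else
        AddMD5( &md5, "/", 1 );
    if ( p_auth->psz_qop && strcmp( p_auth->psz_qop, "auth-int" ) == 0 )
    {
        InitMD5( &ent );
        /* TODO: Support for "qop=auth-int" */
        AddMD5( &ent, "", 0 );
        EndMD5( &ent );

        psz_ent = psz_md5_hash( &ent );
        if ( psz_ent == NULL )
            goto error;

        AddMD5( &md5, ":", 1 );
        AddMD5( &md5, psz_ent, 32 );
    }
    EndMD5( &md5 );

    psz_HA2 = psz_md5_hash( &md5 );
    if ( psz_HA2 == NULL )
        goto error;

    /* Request digest */
    InitMD5( &md5 );
    AddMD5( &md5, psz_HA1, 32 );
    AddMD5( &md5, ":", 1 );
    AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
    AddMD5( &md5, ":", 1 );
    if ( p_auth->psz_qop &&
         ( strcmp( p_auth->psz_qop, "auth" ) == 0 ||
           strcmp( p_auth->psz_qop, "auth-int" ) == 0 ) )
    {
        /* With a qop the nonce count and client nonce are part of the hash. */
        if ( p_auth->psz_cnonce == NULL )
        {
            msg_Warn( p_this, "Digest Authentication: "
                      "client nonce not available" );
            goto error;
        }

        snprintf( psz_inonce, sizeof( psz_inonce ), "%08x", p_auth->i_nonce );
        AddMD5( &md5, psz_inonce, 8 );
        AddMD5( &md5, ":", 1 );
        AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
        AddMD5( &md5, ":", 1 );
        AddMD5( &md5, p_auth->psz_qop, strlen( p_auth->psz_qop ) );
        AddMD5( &md5, ":", 1 );
    }
    AddMD5( &md5, psz_HA2, 32 );
    EndMD5( &md5 );

    psz_result = psz_md5_hash( &md5 );

error:
    /* Shared exit: psz_result is still NULL on every failure path. */
    free( psz_HA1 );
    free( psz_HA2 );
    free( psz_ent );

    return psz_result;
}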
/* RFC2617, section 3.2.1 The WWW-Authenticate Response Header
*
* If a server receives a request for an access-protected object, and an
* acceptable Authorization header is not sent, the server responds with a "401
* Unauthorized" status code, and a WWW-Authenticate header [...]
*/
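/**
 * Parses the value of a WWW-Authenticate header into p_auth.
 *
 * Only the first scheme in the header is considered ("Basic " or "Digest ",
 * compared case-insensitively). For Digest, the challenge is ignored when a
 * nonce is already stored. Fields that are replaced are freed first, so a
 * server that sends several challenges does not leak the earlier values.
 *
 * The scheme is dictated by the server: a "Basic" challenge leaves the nonce
 * unset, and vlc_http_auth_FormatAuthorizationHeader() then sends the
 * credentials Base64-encoded. Nothing here checks whether that is acceptable
 * for the connection; presumably the caller decides — confirm.
 *
 * @param p_this     object used for logging
 * @param p_auth     authentication state to update
 * @param psz_header header value, starting at the scheme name
 */
void vlc_http_auth_ParseWwwAuthenticateHeader(
        vlc_object_t *p_this, vlc_http_auth_t *p_auth,
        const char *psz_header )
{
    static const char psz_basic_prefix[] = "Basic ";
    static const char psz_digest_prefix[] = "Digest ";

    /* FIXME: multiple auth methods can be listed (comma separated) */

    if ( strncasecmp( psz_header, psz_basic_prefix,
                      sizeof( psz_basic_prefix ) - 1 ) == 0 )
    {
        /* 2 Basic Authentication Scheme */
        msg_Dbg( p_this, "Using Basic Authentication" );
        psz_header += sizeof( psz_basic_prefix ) - 1;

        free( p_auth->psz_realm ); /* drop the realm of an earlier challenge */
        p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
        if ( p_auth->psz_realm == NULL )
            msg_Warn( p_this, "Basic Authentication: "
                      "Mandatory 'realm' parameter is missing" );
    }
    else if ( strncasecmp( psz_header, psz_digest_prefix,
                           sizeof( psz_digest_prefix ) - 1 ) == 0 )
    {
        /* 3 Digest Access Authentication Scheme */
        msg_Dbg( p_this, "Using Digest Access Authentication" );

        if ( p_auth->psz_nonce )
            /* FIXME */
            return;

        psz_header += sizeof( psz_digest_prefix ) - 1;

        /* Any of these may still hold a value from an earlier challenge
         * (e.g. a Basic realm, or a Digest challenge without a nonce). */
        free( p_auth->psz_realm );
        p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
        free( p_auth->psz_domain );
        p_auth->psz_domain = AuthGetParam( psz_header, "domain" );
        free( p_auth->psz_nonce );
        p_auth->psz_nonce = AuthGetParam( psz_header, "nonce" );
        free( p_auth->psz_opaque );
        p_auth->psz_opaque = AuthGetParam( psz_header, "opaque" );
        free( p_auth->psz_stale );
        p_auth->psz_stale = AuthGetParamNoQuotes( psz_header, "stale" );
        free( p_auth->psz_algorithm );
        p_auth->psz_algorithm = AuthGetParamNoQuotes( psz_header, "algorithm" );
        free( p_auth->psz_qop );
        p_auth->psz_qop = AuthGetParam( psz_header, "qop" );
        p_auth->i_nonce = 0;

        if ( p_auth->psz_realm == NULL )
            msg_Warn( p_this, "Digest Access Authentication: "
                      "Mandatory 'realm' parameter is missing" );
        if ( p_auth->psz_nonce == NULL )
            msg_Warn( p_this, "Digest Access Authentication: "
                      "Mandatory 'nonce' parameter is missing" );

        /* FIXME: parse the qop list */
        if ( p_auth->psz_qop )
        {
            /* Keep only the first option the server listed. */
            char *psz_tmp = strchr( p_auth->psz_qop, ',' );
            if ( psz_tmp )
                *psz_tmp = '\0';
        }
    }
    else
    {
        const char *psz_end = strchr( psz_header, ' ' );
        if ( psz_end )
            /* ".*" is a precision: print the scheme name only. A bare "*"
             * is a minimum width and would log the whole header. */
            msg_Warn( p_this, "Unknown authentication scheme: '%.*s'",
                      (int)(psz_end - psz_header), psz_header );
        else
            msg_Warn( p_this, "Unknown authentication scheme: '%s'",
                      psz_header );
    }
}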
/* RFC2617, section 3.2.3: The Authentication-Info Header
*
* The Authentication-Info header is used by the server to communicate some
* information regarding the successful authentication in the response.
*/
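/**
 * Checks an Authentication-Info header against the stored Digest state and
 * adopts the server's next nonce.
 *
 * When the header carries a cnonce, it must equal the stored client nonce,
 * the nonce count (if present) must equal p_auth->i_nonce, and "rspauth"
 * must equal the digest computed by AuthDigest() for the given method, path
 * and credentials. A differing qop is only logged. When the header carries no
 * cnonce, none of these checks run; a "nextnonce" is adopted either way.
 *
 * All header fields are server-controlled, so the stored client nonce and the
 * received rspauth are checked for presence before being compared.
 *
 * @return VLC_SUCCESS, or VLC_EGENERIC when one of the checks fails
 */
int vlc_http_auth_ParseAuthenticationInfoHeader(
        vlc_object_t *p_this, vlc_http_auth_t *p_auth,
        const char *psz_header, const char *psz_method, const char *psz_path,
        const char *psz_username, const char *psz_password )
{
    char *psz_nextnonce = AuthGetParam( psz_header, "nextnonce" );
    char *psz_qop = AuthGetParamNoQuotes( psz_header, "qop" );
    char *psz_rspauth = AuthGetParam( psz_header, "rspauth" );
    char *psz_cnonce = AuthGetParam( psz_header, "cnonce" );
    char *psz_nc = AuthGetParamNoQuotes( psz_header, "nc" );
    char *psz_digest = NULL;
    int i_err = VLC_SUCCESS;
    int i_nonce;

    if ( psz_cnonce )
    {
        /* No client nonce was ever sent if the stored one is NULL (e.g. the
         * header arrives outside a Digest exchange): treat it as a mismatch
         * rather than handing NULL to strcmp(). */
        if ( p_auth->psz_cnonce == NULL ||
             strcmp( psz_cnonce, p_auth->psz_cnonce ) != 0 )
        {
            msg_Err( p_this, "HTTP Digest Access Authentication: server "
                             "replied with a different client nonce value." );
            i_err = VLC_EGENERIC;
            goto error;
        }

        if ( psz_nc )
        {
            /* NOTE(review): no check that the text is valid hexadecimal or
             * fits an int; garbage parses as 0 and is then compared. */
            i_nonce = strtol( psz_nc, NULL, 16 );

            if ( i_nonce != p_auth->i_nonce )
            {
                msg_Err( p_this, "HTTP Digest Access Authentication: server "
                                 "replied with a different nonce count "
                                 "value." );
                i_err = VLC_EGENERIC;
                goto error;
            }
        }

        if ( psz_qop && p_auth->psz_qop &&
             strcmp( psz_qop, p_auth->psz_qop ) != 0 )
            msg_Warn( p_this, "HTTP Digest Access Authentication: server "
                              "replied using a different 'quality of "
                              "protection' option" );

        /* All the clear text values match, let's now check the response
         * digest.
         *
         * TODO: Support for "qop=auth-int"
         */
        psz_digest = AuthDigest( p_this, p_auth, psz_method, psz_path,
                                 psz_username, psz_password );
        /* A header with cnonce but without rspauth proves nothing: reject it
         * instead of comparing against NULL. */
        if( psz_digest == NULL || psz_rspauth == NULL ||
            strcmp( psz_digest, psz_rspauth ) != 0 )
        {
            /* NOTE(review): this writes the locally computed digest, which is
             * derived from the password hash, to the log. */
            msg_Err( p_this, "HTTP Digest Access Authentication: server "
                             "replied with an invalid response digest "
                             "(expected value: %s).",
                     psz_digest ? psz_digest : "unavailable" );
            i_err = VLC_EGENERIC;
            goto error;
        }
    }

    if ( psz_nextnonce )
    {
        /* Ownership of the string moves to p_auth.
         * NOTE(review): p_auth->i_nonce is left as it is; RFC 2617 counts
         * requests per nonce, so confirm whether it should restart here. */
        free( p_auth->psz_nonce );
        p_auth->psz_nonce = psz_nextnonce;
        psz_nextnonce = NULL;
    }

error:
    free( psz_nextnonce );
    free( psz_qop );
    free( psz_rspauth );
    free( psz_cnonce );
    free( psz_nc );
    free( psz_digest );

    return i_err;
}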
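/**
 * Builds the value of an Authorization header for the next request.
 *
 * Digest is used when a nonce is stored in p_auth; otherwise the credentials
 * are sent with Basic authentication, i.e. "username:password" Base64-encoded
 * and not otherwise protected. For Digest, a new client nonce is generated
 * whenever a qop is set or none exists yet, and the nonce count is
 * incremented before the digest is computed.
 *
 * NOTE(review): user name, realm, nonce, path, opaque etc. are placed inside
 * double quotes as they are, with no escaping of '"' or '\'. Whether callers
 * guarantee these characters cannot occur (for instance in a user name taken
 * from a URL) is not visible here — confirm.
 * NOTE(review): the temporary "username:password" buffer and its Base64 form
 * are freed without being cleared.
 *
 * @return heap-allocated header value (caller frees), or NULL on an
 *         unsupported algorithm, a digest failure or allocation failure
 */
char *vlc_http_auth_FormatAuthorizationHeader(
        vlc_object_t *p_this, vlc_http_auth_t *p_auth,
        const char *psz_method, const char *psz_path,
        const char *psz_username, const char *psz_password )
{
    char *psz_result = NULL;
    char *psz_buffer = NULL;
    char *psz_base64 = NULL;
    int i_rc;

    if ( p_auth->psz_nonce )
    {
        /* Digest Access Authentication */
        if ( p_auth->psz_algorithm &&
             strcmp( p_auth->psz_algorithm, "MD5" ) != 0 &&
             strcmp( p_auth->psz_algorithm, "MD5-sess" ) != 0 )
        {
            msg_Err( p_this, "Digest Access Authentication: "
                     "Unknown algorithm '%s'", p_auth->psz_algorithm );
            goto error;
        }

        if ( p_auth->psz_qop != NULL || p_auth->psz_cnonce == NULL )
        {
            free( p_auth->psz_cnonce );

            p_auth->psz_cnonce = GenerateCnonce();
            if ( p_auth->psz_cnonce == NULL )
                goto error;
        }

        ++p_auth->i_nonce;

        psz_buffer = AuthDigest( p_this, p_auth, psz_method, psz_path,
                                 psz_username, psz_password );
        if ( psz_buffer == NULL )
            goto error;

        i_rc = asprintf( &psz_result,
            "Digest "
            /* Mandatory parameters */
            "username=\"%s\", "
            "realm=\"%s\", "
            "nonce=\"%s\", "
            "uri=\"%s\", "
            "response=\"%s\", "
            /* Optional parameters */
            "%s%s%s" /* algorithm */
            "%s%s%s" /* cnonce */
            "%s%s%s" /* opaque */
            "%s%s%s" /* message qop */
            "%s=\"%08x\"", /* nonce count */
            /* Mandatory parameters */
            psz_username,
            p_auth->psz_realm,
            p_auth->psz_nonce,
            psz_path ? psz_path : "/",
            psz_buffer,
            /* Optional parameters */
            p_auth->psz_algorithm ? "algorithm=\"" : "",
            p_auth->psz_algorithm ? p_auth->psz_algorithm : "",
            p_auth->psz_algorithm ? "\", " : "",
            p_auth->psz_cnonce ? "cnonce=\"" : "",
            p_auth->psz_cnonce ? p_auth->psz_cnonce : "",
            p_auth->psz_cnonce ? "\", " : "",
            p_auth->psz_opaque ? "opaque=\"" : "",
            p_auth->psz_opaque ? p_auth->psz_opaque : "",
            p_auth->psz_opaque ? "\", " : "",
            p_auth->psz_qop ? "qop=\"" : "",
            p_auth->psz_qop ? p_auth->psz_qop : "",
            p_auth->psz_qop ? "\", " : "",
            /* "uglyhack" will be parsed as an unhandled extension */
            p_auth->i_nonce ? "nc" : "uglyhack",
            p_auth->i_nonce
        );
        if ( i_rc < 0 )
        {
            /* asprintf() is not required to leave the pointer NULL when it
             * fails; never hand an indeterminate pointer to the caller. */
            psz_result = NULL;
            goto error;
        }
    }
    else
    {
        /* Basic Access Authentication */
        i_rc = asprintf( &psz_buffer, "%s:%s", psz_username, psz_password );
        if ( i_rc < 0 )
        {
            psz_buffer = NULL; /* keep the free() below well-defined */
            goto error;
        }

        psz_base64 = vlc_b64_encode( psz_buffer );
        if ( psz_base64 == NULL )
            goto error;

        i_rc = asprintf( &psz_result, "Basic %s", psz_base64 );
        if ( i_rc < 0 )
        {
            psz_result = NULL;
            goto error;
        }
    }

error:
    /* Shared exit for success and failure: only the temporaries are freed. */
    free( psz_buffer );
    free( psz_base64 );

    return psz_result;
}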
/**
 * Puts an authentication state into its initial, empty condition by zeroing
 * the whole structure. Any strings it already owned are not freed here.
 *
 * @param p_auth state to initialise
 */
void vlc_http_auth_Init( vlc_http_auth_t *p_auth )
{
    const size_t i_size = sizeof( *p_auth );

    memset( p_auth, 0, i_size );
}
/**
 * Releases every string owned by an authentication state.
 *
 * The pointers inside p_auth are not reset, so the structure must be passed
 * through vlc_http_auth_Init() again before any further use.
 *
 * NOTE(review): psz_HA1 holds a hash derived from the password and is freed
 * without being cleared.
 *
 * @param p_auth state whose strings are freed
 */
void vlc_http_auth_Deinit( vlc_http_auth_t *p_auth )
{
    char *const pp_owned[] = {
        p_auth->psz_realm,
        p_auth->psz_domain,
        p_auth->psz_nonce,
        p_auth->psz_opaque,
        p_auth->psz_stale,
        p_auth->psz_algorithm,
        p_auth->psz_qop,
        p_auth->psz_cnonce,
        p_auth->psz_HA1,
    };

    for ( size_t i = 0; i < sizeof( pp_owned ) / sizeof( pp_owned[0] ); i++ )
        free( pp_owned[i] );
}