FFmpeg
httpauth.c
Go to the documentation of this file.
1 /*
2  * HTTP authentication
3  * Copyright (c) 2010 Martin Storsjo
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include "httpauth.h"
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
25 #include "internal.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "urldecode.h"
29 
30 static void handle_basic_params(HTTPAuthState *state, const char *key,
31  int key_len, char **dest, int *dest_len)
32 {
33  if (!strncmp(key, "realm=", key_len)) {
34  *dest = state->realm;
35  *dest_len = sizeof(state->realm);
36  }
37 }
38 
39 static void handle_digest_params(HTTPAuthState *state, const char *key,
40  int key_len, char **dest, int *dest_len)
41 {
42  DigestParams *digest = &state->digest_params;
43 
44  if (!strncmp(key, "realm=", key_len)) {
45  *dest = state->realm;
46  *dest_len = sizeof(state->realm);
47  } else if (!strncmp(key, "nonce=", key_len)) {
48  *dest = digest->nonce;
49  *dest_len = sizeof(digest->nonce);
50  } else if (!strncmp(key, "opaque=", key_len)) {
51  *dest = digest->opaque;
52  *dest_len = sizeof(digest->opaque);
53  } else if (!strncmp(key, "algorithm=", key_len)) {
54  *dest = digest->algorithm;
55  *dest_len = sizeof(digest->algorithm);
56  } else if (!strncmp(key, "qop=", key_len)) {
57  *dest = digest->qop;
58  *dest_len = sizeof(digest->qop);
59  } else if (!strncmp(key, "stale=", key_len)) {
60  *dest = digest->stale;
61  *dest_len = sizeof(digest->stale);
62  }
63 }
64 
65 static void handle_digest_update(HTTPAuthState *state, const char *key,
66  int key_len, char **dest, int *dest_len)
67 {
68  DigestParams *digest = &state->digest_params;
69 
70  if (!strncmp(key, "nextnonce=", key_len)) {
71  *dest = digest->nonce;
72  *dest_len = sizeof(digest->nonce);
73  }
74 }
75 
76 static void choose_qop(char *qop, int size)
77 {
78  char *ptr = strstr(qop, "auth");
79  char *end = ptr + strlen("auth");
80 
81  if (ptr && (!*end || av_isspace(*end) || *end == ',') &&
82  (ptr == qop || av_isspace(ptr[-1]) || ptr[-1] == ',')) {
83  av_strlcpy(qop, "auth", size);
84  } else {
85  qop[0] = 0;
86  }
87 }
88 
90  const char *value)
91 {
92  if (!av_strcasecmp(key, "WWW-Authenticate") || !av_strcasecmp(key, "Proxy-Authenticate")) {
93  const char *p;
94  if (av_stristart(value, "Basic ", &p) &&
95  state->auth_type <= HTTP_AUTH_BASIC) {
96  state->auth_type = HTTP_AUTH_BASIC;
97  state->realm[0] = 0;
98  state->stale = 0;
100  state);
101  } else if (av_stristart(value, "Digest ", &p) &&
102  state->auth_type <= HTTP_AUTH_DIGEST) {
103  state->auth_type = HTTP_AUTH_DIGEST;
104  memset(&state->digest_params, 0, sizeof(DigestParams));
105  state->realm[0] = 0;
106  state->stale = 0;
108  state);
109  choose_qop(state->digest_params.qop,
110  sizeof(state->digest_params.qop));
111  if (!av_strcasecmp(state->digest_params.stale, "true"))
112  state->stale = 1;
113  }
114  } else if (!av_strcasecmp(key, "Authentication-Info")) {
116  state);
117  }
118 }
119 
120 
121 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
122 {
123  va_list vl;
124 
125  va_start(vl, md5ctx);
126  while (1) {
127  const char* str = va_arg(vl, const char*);
128  if (!str)
129  break;
130  av_md5_update(md5ctx, str, strlen(str));
131  }
132  va_end(vl);
133 }
134 
135 /* Generate a digest reply, according to RFC 2617. */
136 static char *make_digest_auth(HTTPAuthState *state, const char *username,
137  const char *password, const char *uri,
138  const char *method)
139 {
140  DigestParams *digest = &state->digest_params;
141  int len;
142  uint32_t cnonce_buf[2];
143  char cnonce[17];
144  char nc[9];
145  int i;
146  char A1hash[33], A2hash[33], response[33];
147  struct AVMD5 *md5ctx;
148  uint8_t hash[16];
149  char *authstr;
150 
151  digest->nc++;
152  snprintf(nc, sizeof(nc), "%08x", digest->nc);
153 
154  /* Generate a client nonce. */
155  for (i = 0; i < 2; i++)
156  cnonce_buf[i] = av_get_random_seed();
157  ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
158 
159  md5ctx = av_md5_alloc();
160  if (!md5ctx)
161  return NULL;
162 
163  av_md5_init(md5ctx);
164  update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
165  av_md5_final(md5ctx, hash);
166  ff_data_to_hex(A1hash, hash, 16, 1);
167 
168  if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
169  } else if (!strcmp(digest->algorithm, "MD5-sess")) {
170  av_md5_init(md5ctx);
171  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
172  av_md5_final(md5ctx, hash);
173  ff_data_to_hex(A1hash, hash, 16, 1);
174  } else {
175  /* Unsupported algorithm */
176  av_free(md5ctx);
177  return NULL;
178  }
179 
180  av_md5_init(md5ctx);
181  update_md5_strings(md5ctx, method, ":", uri, NULL);
182  av_md5_final(md5ctx, hash);
183  ff_data_to_hex(A2hash, hash, 16, 1);
184 
185  av_md5_init(md5ctx);
186  update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
187  if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
188  update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
189  }
190  update_md5_strings(md5ctx, ":", A2hash, NULL);
191  av_md5_final(md5ctx, hash);
192  ff_data_to_hex(response, hash, 16, 1);
193 
194  av_free(md5ctx);
195 
196  if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
197  } else if (!strcmp(digest->qop, "auth-int")) {
198  /* qop=auth-int not supported */
199  return NULL;
200  } else {
201  /* Unsupported qop value. */
202  return NULL;
203  }
204 
205  len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
206  strlen(uri) + strlen(response) + strlen(digest->algorithm) +
207  strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
208  strlen(nc) + 150;
209 
210  authstr = av_malloc(len);
211  if (!authstr)
212  return NULL;
213  snprintf(authstr, len, "Authorization: Digest ");
214 
215  /* TODO: Escape the quoted strings properly. */
216  av_strlcatf(authstr, len, "username=\"%s\"", username);
217  av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
218  av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
219  av_strlcatf(authstr, len, ", uri=\"%s\"", uri);
220  av_strlcatf(authstr, len, ", response=\"%s\"", response);
221 
222  // we are violating the RFC and use "" because all others seem to do that too.
223  if (digest->algorithm[0])
224  av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm);
225 
226  if (digest->opaque[0])
227  av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
228  if (digest->qop[0]) {
229  av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop);
230  av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
231  av_strlcatf(authstr, len, ", nc=%s", nc);
232  }
233 
234  av_strlcatf(authstr, len, "\r\n");
235 
236  return authstr;
237 }
238 
240  const char *path, const char *method)
241 {
242  char *authstr = NULL;
243 
244  /* Clear the stale flag, we assume the auth is ok now. It is reset
245  * by the server headers if there's a new issue. */
246  state->stale = 0;
247  if (!auth || !strchr(auth, ':'))
248  return NULL;
249 
250  if (state->auth_type == HTTP_AUTH_BASIC) {
251  int auth_b64_len, len;
252  char *ptr, *decoded_auth = ff_urldecode(auth, 0);
253 
254  if (!decoded_auth)
255  return NULL;
256 
257  auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
258  len = auth_b64_len + 30;
259 
260  authstr = av_malloc(len);
261  if (!authstr) {
262  av_free(decoded_auth);
263  return NULL;
264  }
265 
266  snprintf(authstr, len, "Authorization: Basic ");
267  ptr = authstr + strlen(authstr);
268  av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
269  av_strlcat(ptr, "\r\n", len - (ptr - authstr));
270  av_free(decoded_auth);
271  } else if (state->auth_type == HTTP_AUTH_DIGEST) {
272  char *username = ff_urldecode(auth, 0), *password;
273 
274  if (!username)
275  return NULL;
276 
277  if ((password = strchr(username, ':'))) {
278  *password++ = 0;
279  authstr = make_digest_auth(state, username, password, path, method);
280  }
281  av_free(username);
282  }
283  return authstr;
284 }
HTTP_AUTH_BASIC
@ HTTP_AUTH_BASIC
HTTP 1.0 Basic auth from RFC 1945 (also in RFC 2617)
Definition: httpauth.h:30
av_strcasecmp
int av_strcasecmp(const char *a, const char *b)
Locale-independent case-insensitive compare.
Definition: avstring.c:207
av_isspace
static av_const int av_isspace(int c)
Locale-independent conversion of ASCII isspace.
Definition: avstring.h:218
make_digest_auth
static char * make_digest_auth(HTTPAuthState *state, const char *username, const char *password, const char *uri, const char *method)
Definition: httpauth.c:136
update_md5_strings
static void update_md5_strings(struct AVMD5 *md5ctx,...)
Definition: httpauth.c:121
ff_http_auth_create_response
char * ff_http_auth_create_response(HTTPAuthState *state, const char *auth, const char *path, const char *method)
Definition: httpauth.c:239
hash
uint8_t hash[HASH_SIZE]
Definition: movenc.c:57
av_strlcatf
size_t av_strlcatf(char *dst, size_t size, const char *fmt,...)
Definition: avstring.c:103
av_malloc
#define av_malloc(s)
Definition: tableprint_vlc.h:30
av_get_random_seed
uint32_t av_get_random_seed(void)
Get a seed to use in conjunction with random functions.
Definition: random_seed.c:167
ff_urldecode
char * ff_urldecode(const char *url, int decode_plus_sign)
Decodes an URL from its percent-encoded form back into normal representation.
Definition: urldecode.c:35
ff_data_to_hex
char * ff_data_to_hex(char *buf, const uint8_t *src, int size, int lowercase)
Write hexadecimal string corresponding to given binary data.
Definition: utils.c:455
AVMD5
Definition: md5.c:42
DigestParams::qop
char qop[30]
Quality of protection, containing the one that we've chosen to use, from the alternatives that the se...
Definition: httpauth.h:38
HTTP_AUTH_DIGEST
@ HTTP_AUTH_DIGEST
HTTP 1.1 Digest auth from RFC 2617.
Definition: httpauth.h:32
av_stristart
int av_stristart(const char *str, const char *pfx, const char **ptr)
Return non-zero if pfx is a prefix of str independent of case.
Definition: avstring.c:47
key
const char * key
Definition: hwcontext_opencl.c:189
ff_http_auth_handle_header
void ff_http_auth_handle_header(HTTPAuthState *state, const char *key, const char *value)
Definition: httpauth.c:89
internal.h
handle_digest_params
static void handle_digest_params(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:39
NULL
#define NULL
Definition: coverity.c:32
DigestParams::nonce
char nonce[300]
Server specified nonce.
Definition: httpauth.h:36
choose_qop
static void choose_qop(char *qop, int size)
Definition: httpauth.c:76
base64.h
HTTPAuthState
HTTP Authentication state structure.
Definition: httpauth.h:55
DigestParams::stale
char stale[10]
The server indicated that the auth was ok, but needs to be redone with a new, non-stale nonce.
Definition: httpauth.h:44
state
static struct @384 state
size
int size
Definition: twinvq_data.h:10344
handle_digest_update
static void handle_digest_update(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:65
av_md5_init
void av_md5_init(AVMD5 *ctx)
Initialize MD5 hashing.
Definition: md5.c:143
httpauth.h
AV_BASE64_SIZE
#define AV_BASE64_SIZE(x)
Calculate the output size needed to base64-encode x bytes to a null-terminated string.
Definition: base64.h:66
i
#define i(width, name, range_min, range_max)
Definition: cbs_h2645.c:255
handle_basic_params
static void handle_basic_params(HTTPAuthState *state, const char *key, int key_len, char **dest, int *dest_len)
Definition: httpauth.c:30
DigestParams::opaque
char opaque[300]
A server-specified string that should be included in authentication responses, not included in the ac...
Definition: httpauth.h:41
md5.h
value
it s the only field you need to keep assuming you have a context There is some magic you don t need to care about around this just let it vf default value
Definition: writing_filters.txt:86
DigestParams
Definition: httpauth.h:35
len
int len
Definition: vorbis_enc_data.h:426
av_md5_final
void av_md5_final(AVMD5 *ctx, uint8_t *dst)
Finish hashing and output digest value.
Definition: md5.c:188
av_strlcat
size_t av_strlcat(char *dst, const char *src, size_t size)
Append the string src to the string dst, but to a total length of no more than size - 1 bytes,...
Definition: avstring.c:95
DigestParams::nc
int nc
Nonce count, the number of earlier replies where this particular nonce has been used.
Definition: httpauth.h:47
random_seed.h
urldecode.h
av_md5_alloc
struct AVMD5 * av_md5_alloc(void)
Allocate an AVMD5 context.
Definition: md5.c:50
ff_parse_key_val_cb
void(* ff_parse_key_val_cb)(void *context, const char *key, int key_len, char **dest, int *dest_len)
Callback function type for ff_parse_key_value.
Definition: internal.h:576
av_base64_encode
char * av_base64_encode(char *out, int out_size, const uint8_t *in, int in_size)
Encode data to base64 and null-terminate.
Definition: base64.c:145
av_md5_update
void av_md5_update(AVMD5 *ctx, const uint8_t *src, size_t len)
Update hash value.
Definition: md5.c:153
DigestParams::algorithm
char algorithm[10]
Server specified digest algorithm.
Definition: httpauth.h:37
av_free
#define av_free(p)
Definition: tableprint_vlc.h:33
av_strlcpy
size_t av_strlcpy(char *dst, const char *src, size_t size)
Copy the string src to dst, but no more than size - 1 bytes, and null-terminate dst.
Definition: avstring.c:85
avstring.h
snprintf
#define snprintf
Definition: snprintf.h:34
ff_parse_key_value
void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, void *context)
Parse a string with comma-separated key=value pairs.
Definition: utils.c:504