FFmpeg coverage


Directory: ../../../ffmpeg/
File: src/libavformat/httpauth.c
Date: 2022-12-06 04:36:11
Exec Total Coverage
Lines: 0 154 0.0%
Functions: 0 8 0.0%
Branches: 0 92 0.0%

Line Branch Exec Source
1 /*
2 * HTTP authentication
3 * Copyright (c) 2010 Martin Storsjo
4 *
5 * This file is part of FFmpeg.
6 *
7 * FFmpeg is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * FFmpeg is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with FFmpeg; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include "httpauth.h"
23 #include "libavutil/base64.h"
24 #include "libavutil/avstring.h"
25 #include "internal.h"
26 #include "libavutil/random_seed.h"
27 #include "libavutil/md5.h"
28 #include "urldecode.h"
29 #include "avformat.h"
30
31 static void handle_basic_params(HTTPAuthState *state, const char *key,
32 int key_len, char **dest, int *dest_len)
33 {
34 if (!strncmp(key, "realm=", key_len)) {
35 *dest = state->realm;
36 *dest_len = sizeof(state->realm);
37 }
38 }
39
40 static void handle_digest_params(HTTPAuthState *state, const char *key,
41 int key_len, char **dest, int *dest_len)
42 {
43 DigestParams *digest = &state->digest_params;
44
45 if (!strncmp(key, "realm=", key_len)) {
46 *dest = state->realm;
47 *dest_len = sizeof(state->realm);
48 } else if (!strncmp(key, "nonce=", key_len)) {
49 *dest = digest->nonce;
50 *dest_len = sizeof(digest->nonce);
51 } else if (!strncmp(key, "opaque=", key_len)) {
52 *dest = digest->opaque;
53 *dest_len = sizeof(digest->opaque);
54 } else if (!strncmp(key, "algorithm=", key_len)) {
55 *dest = digest->algorithm;
56 *dest_len = sizeof(digest->algorithm);
57 } else if (!strncmp(key, "qop=", key_len)) {
58 *dest = digest->qop;
59 *dest_len = sizeof(digest->qop);
60 } else if (!strncmp(key, "stale=", key_len)) {
61 *dest = digest->stale;
62 *dest_len = sizeof(digest->stale);
63 }
64 }
65
66 static void handle_digest_update(HTTPAuthState *state, const char *key,
67 int key_len, char **dest, int *dest_len)
68 {
69 DigestParams *digest = &state->digest_params;
70
71 if (!strncmp(key, "nextnonce=", key_len)) {
72 *dest = digest->nonce;
73 *dest_len = sizeof(digest->nonce);
74 }
75 }
76
77 static void choose_qop(char *qop, int size)
78 {
79 char *ptr = strstr(qop, "auth");
80 char *end = ptr + strlen("auth");
81
82 if (ptr && (!*end || av_isspace(*end) || *end == ',') &&
83 (ptr == qop || av_isspace(ptr[-1]) || ptr[-1] == ',')) {
84 av_strlcpy(qop, "auth", size);
85 } else {
86 qop[0] = 0;
87 }
88 }
89
90 void ff_http_auth_handle_header(HTTPAuthState *state, const char *key,
91 const char *value)
92 {
93 if (!av_strcasecmp(key, "WWW-Authenticate") || !av_strcasecmp(key, "Proxy-Authenticate")) {
94 const char *p;
95 if (av_stristart(value, "Basic ", &p) &&
96 state->auth_type <= HTTP_AUTH_BASIC) {
97 state->auth_type = HTTP_AUTH_BASIC;
98 state->realm[0] = 0;
99 state->stale = 0;
100 ff_parse_key_value(p, (ff_parse_key_val_cb) handle_basic_params,
101 state);
102 } else if (av_stristart(value, "Digest ", &p) &&
103 state->auth_type <= HTTP_AUTH_DIGEST) {
104 state->auth_type = HTTP_AUTH_DIGEST;
105 memset(&state->digest_params, 0, sizeof(DigestParams));
106 state->realm[0] = 0;
107 state->stale = 0;
108 ff_parse_key_value(p, (ff_parse_key_val_cb) handle_digest_params,
109 state);
110 choose_qop(state->digest_params.qop,
111 sizeof(state->digest_params.qop));
112 if (!av_strcasecmp(state->digest_params.stale, "true"))
113 state->stale = 1;
114 }
115 } else if (!av_strcasecmp(key, "Authentication-Info")) {
116 ff_parse_key_value(value, (ff_parse_key_val_cb) handle_digest_update,
117 state);
118 }
119 }
120
121
122 static void update_md5_strings(struct AVMD5 *md5ctx, ...)
123 {
124 va_list vl;
125
126 va_start(vl, md5ctx);
127 while (1) {
128 const char* str = va_arg(vl, const char*);
129 if (!str)
130 break;
131 av_md5_update(md5ctx, str, strlen(str));
132 }
133 va_end(vl);
134 }
135
136 /* Generate a digest reply, according to RFC 2617. */
137 static char *make_digest_auth(HTTPAuthState *state, const char *username,
138 const char *password, const char *uri,
139 const char *method)
140 {
141 DigestParams *digest = &state->digest_params;
142 int len;
143 uint32_t cnonce_buf[2];
144 char cnonce[17];
145 char nc[9];
146 int i;
147 char A1hash[33], A2hash[33], response[33];
148 struct AVMD5 *md5ctx;
149 uint8_t hash[16];
150 char *authstr;
151
152 digest->nc++;
153 snprintf(nc, sizeof(nc), "%08x", digest->nc);
154
155 /* Generate a client nonce. */
156 for (i = 0; i < 2; i++)
157 cnonce_buf[i] = av_get_random_seed();
158 ff_data_to_hex(cnonce, (const uint8_t*) cnonce_buf, sizeof(cnonce_buf), 1);
159
160 md5ctx = av_md5_alloc();
161 if (!md5ctx)
162 return NULL;
163
164 av_md5_init(md5ctx);
165 update_md5_strings(md5ctx, username, ":", state->realm, ":", password, NULL);
166 av_md5_final(md5ctx, hash);
167 ff_data_to_hex(A1hash, hash, 16, 1);
168
169 if (!strcmp(digest->algorithm, "") || !strcmp(digest->algorithm, "MD5")) {
170 } else if (!strcmp(digest->algorithm, "MD5-sess")) {
171 av_md5_init(md5ctx);
172 update_md5_strings(md5ctx, A1hash, ":", digest->nonce, ":", cnonce, NULL);
173 av_md5_final(md5ctx, hash);
174 ff_data_to_hex(A1hash, hash, 16, 1);
175 } else {
176 /* Unsupported algorithm */
177 av_free(md5ctx);
178 return NULL;
179 }
180
181 av_md5_init(md5ctx);
182 update_md5_strings(md5ctx, method, ":", uri, NULL);
183 av_md5_final(md5ctx, hash);
184 ff_data_to_hex(A2hash, hash, 16, 1);
185
186 av_md5_init(md5ctx);
187 update_md5_strings(md5ctx, A1hash, ":", digest->nonce, NULL);
188 if (!strcmp(digest->qop, "auth") || !strcmp(digest->qop, "auth-int")) {
189 update_md5_strings(md5ctx, ":", nc, ":", cnonce, ":", digest->qop, NULL);
190 }
191 update_md5_strings(md5ctx, ":", A2hash, NULL);
192 av_md5_final(md5ctx, hash);
193 ff_data_to_hex(response, hash, 16, 1);
194
195 av_free(md5ctx);
196
197 if (!strcmp(digest->qop, "") || !strcmp(digest->qop, "auth")) {
198 } else if (!strcmp(digest->qop, "auth-int")) {
199 /* qop=auth-int not supported */
200 return NULL;
201 } else {
202 /* Unsupported qop value. */
203 return NULL;
204 }
205
206 len = strlen(username) + strlen(state->realm) + strlen(digest->nonce) +
207 strlen(uri) + strlen(response) + strlen(digest->algorithm) +
208 strlen(digest->opaque) + strlen(digest->qop) + strlen(cnonce) +
209 strlen(nc) + 150;
210
211 authstr = av_malloc(len);
212 if (!authstr)
213 return NULL;
214 snprintf(authstr, len, "Authorization: Digest ");
215
216 /* TODO: Escape the quoted strings properly. */
217 av_strlcatf(authstr, len, "username=\"%s\"", username);
218 av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
219 av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
220 av_strlcatf(authstr, len, ", uri=\"%s\"", uri);
221 av_strlcatf(authstr, len, ", response=\"%s\"", response);
222
223 // we are violating the RFC and use "" because all others seem to do that too.
224 if (digest->algorithm[0])
225 av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm);
226
227 if (digest->opaque[0])
228 av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
229 if (digest->qop[0]) {
230 av_strlcatf(authstr, len, ", qop=\"%s\"", digest->qop);
231 av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
232 av_strlcatf(authstr, len, ", nc=%s", nc);
233 }
234
235 av_strlcatf(authstr, len, "\r\n");
236
237 return authstr;
238 }
239
240 char *ff_http_auth_create_response(HTTPAuthState *state, const char *auth,
241 const char *path, const char *method)
242 {
243 char *authstr = NULL;
244
245 /* Clear the stale flag, we assume the auth is ok now. It is reset
246 * by the server headers if there's a new issue. */
247 state->stale = 0;
248 if (!auth || !strchr(auth, ':'))
249 return NULL;
250
251 if (state->auth_type == HTTP_AUTH_BASIC) {
252 int auth_b64_len, len;
253 char *ptr, *decoded_auth = ff_urldecode(auth, 0);
254
255 if (!decoded_auth)
256 return NULL;
257
258 auth_b64_len = AV_BASE64_SIZE(strlen(decoded_auth));
259 len = auth_b64_len + 30;
260
261 authstr = av_malloc(len);
262 if (!authstr) {
263 av_free(decoded_auth);
264 return NULL;
265 }
266
267 snprintf(authstr, len, "Authorization: Basic ");
268 ptr = authstr + strlen(authstr);
269 av_base64_encode(ptr, auth_b64_len, decoded_auth, strlen(decoded_auth));
270 av_strlcat(ptr, "\r\n", len - (ptr - authstr));
271 av_free(decoded_auth);
272 } else if (state->auth_type == HTTP_AUTH_DIGEST) {
273 char *username = ff_urldecode(auth, 0), *password;
274
275 if (!username)
276 return NULL;
277
278 if ((password = strchr(username, ':'))) {
279 *password++ = 0;
280 authstr = make_digest_auth(state, username, password, path, method);
281 }
282 av_free(username);
283 }
284 return authstr;
285 }
286