- v_socket_t *pvs = p_sys->p_vs;
-
- const char *psz_username = p_url->psz_username ?: "";
- const char *psz_password = p_url->psz_password ?: "";
-
- if( p_auth->psz_nonce )
- {
- /* Digest Access Authentication */
- char *psz_HA1 = NULL;
- char *psz_HA2 = NULL;
- char *psz_response = NULL;
- struct md5_s md5;
-
- if( p_auth->psz_algorithm
- && strcmp( p_auth->psz_algorithm, "MD5" )
- && strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
- {
- msg_Err( p_access, "Digest Access Authentication: "
- "Unknown algorithm '%s'", p_auth->psz_algorithm );
- return;
- }
-
- if( p_auth->psz_qop || !p_auth->psz_cnonce )
- {
- /* FIXME: needs to be really random to prevent man in the middle
- * attacks */
- free( p_auth->psz_cnonce );
- p_auth->psz_cnonce = strdup( "Some random string FIXME" );
- }
- p_auth->i_nonce ++;
-
- /* H(A1) */
- if( p_auth->psz_HA1 )
- {
- psz_HA1 = strdup( p_auth->psz_HA1 );
- if( !psz_HA1 ) goto error;
- }
- else
- {
- InitMD5( &md5 );
- AddMD5( &md5, psz_username, strlen( psz_username ) );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_realm, strlen( p_auth->psz_realm ) );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, psz_password, strlen( psz_password ) );
- EndMD5( &md5 );
-
- psz_HA1 = psz_md5_hash( &md5 );
- if( !psz_HA1 ) goto error;
-
- if( p_auth->psz_algorithm
- && !strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
- {
- InitMD5( &md5 );
- AddMD5( &md5, psz_HA1, 32 );
- free( psz_HA1 );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
- EndMD5( &md5 );
-
- psz_HA1 = psz_md5_hash( &md5 );
- if( !psz_HA1 ) goto error;
- p_auth->psz_HA1 = strdup( psz_HA1 );
- if( !p_auth->psz_HA1 ) goto error;
- }
- }
-
- /* H(A2) */
- InitMD5( &md5 );
- AddMD5( &md5, "GET", 3 ); /* FIXME ? */
- AddMD5( &md5, ":", 1 );
- if( p_url->psz_path )
- AddMD5( &md5, p_url->psz_path, strlen( p_url->psz_path ) );
- else
- AddMD5( &md5, "/", 1 );
- if( p_auth->psz_qop && !strcmp( p_auth->psz_qop, "auth-int" ) )
- {
- char *psz_ent;
- struct md5_s ent;
- InitMD5( &ent );
- AddMD5( &ent, "", 0 ); /* XXX: entity-body. should be ok for GET */
- EndMD5( &ent );
- psz_ent = psz_md5_hash( &ent );
- if( !psz_ent ) goto error;
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, psz_ent, 32 );
- free( psz_ent );
- }
- EndMD5( &md5 );
- psz_HA2 = psz_md5_hash( &md5 );
- if( !psz_HA2 ) goto error;
-
- /* Request digest */
- InitMD5( &md5 );
- AddMD5( &md5, psz_HA1, 32 );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
- AddMD5( &md5, ":", 1 );
- if( p_auth->psz_qop
- && ( !strcmp( p_auth->psz_qop, "auth" )
- || !strcmp( p_auth->psz_qop, "auth-int" ) ) )
- {
- char psz_inonce[9];
- snprintf( psz_inonce, 9, "%08x", p_auth->i_nonce );
- AddMD5( &md5, psz_inonce, 8 );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
- AddMD5( &md5, ":", 1 );
- AddMD5( &md5, p_auth->psz_qop, strlen( p_auth->psz_qop ) );
- AddMD5( &md5, ":", 1 );
- }
- AddMD5( &md5, psz_HA2, 32 );
- EndMD5( &md5 );
- psz_response = psz_md5_hash( &md5 );
- if( !psz_response ) goto error;
-
- net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs,
- "%sAuthorization: Digest "
- /* Mandatory parameters */
- "username=\"%s\", "
- "realm=\"%s\", "
- "nonce=\"%s\", "
- "uri=\"%s\", "
- "response=\"%s\", "
- /* Optional parameters */
- "%s%s%s" /* algorithm */
- "%s%s%s" /* cnonce */
- "%s%s%s" /* opaque */
- "%s%s%s" /* message qop */
- "%s%08x%s" /* nonce count */
- "\r\n",
- /* Mandatory parameters */
- psz_prefix,
- psz_username,
- p_auth->psz_realm,
- p_auth->psz_nonce,
- p_url->psz_path ?: "/",
- psz_response,
- /* Optional parameters */
- p_auth->psz_algorithm ? "algorithm=\"" : "",
- p_auth->psz_algorithm ?: "",
- p_auth->psz_algorithm ? "\", " : "",
- p_auth->psz_cnonce ? "cnonce=\"" : "",
- p_auth->psz_cnonce ?: "",
- p_auth->psz_cnonce ? "\", " : "",
- p_auth->psz_opaque ? "opaque=\"" : "",
- p_auth->psz_opaque ?: "",
- p_auth->psz_opaque ? "\", " : "",
- p_auth->psz_qop ? "qop=\"" : "",
- p_auth->psz_qop ?: "",
- p_auth->psz_qop ? "\", " : "",
- p_auth->i_nonce ? "nc=\"" : "uglyhack=\"", /* Will be parsed as an unhandled extension */
- p_auth->i_nonce,
- p_auth->i_nonce ? "\"" : "\""
- );
-
-
- error:
- free( psz_HA1 );
- free( psz_HA2 );
- free( psz_response );
- }
- else
- {
- /* Basic Access Authentication */
- char buf[strlen( psz_username ) + strlen( psz_password ) + 2];
- char *b64;
-
- snprintf( buf, sizeof( buf ), "%s:%s", psz_username, psz_password );
- b64 = vlc_b64_encode( buf );