+
+}
+
+/*****************************************************************************
+ * Cookies (FIXME: we may want to rewrite that using a nice structure to hold
+ * them) (FIXME: only support the "domain=" param)
+ *****************************************************************************/
+
+/* Get the NAME=VALUE part of the Cookie */
+static char * cookie_get_content( const char * cookie )
+{
+ char * ret = strdup( cookie );
+ if( !ret ) return NULL;
+ char * str = ret;
+ /* Look for a ';' */
+ while( *str && *str != ';' ) str++;
+ /* Replace it by a end-char */
+ if( *str == ';' ) *str = 0;
+ return ret;
+}
+
+/* Get the domain where the cookie is stored */
+static char * cookie_get_domain( const char * cookie )
+{
+ const char * str = cookie;
+ static const char domain[] = "domain=";
+ if( !str )
+ return NULL;
+ /* Look for a ';' */
+ while( *str )
+ {
+ if( !strncmp( str, domain, sizeof(domain) - 1 /* minus \0 */ ) )
+ {
+ str += sizeof(domain) - 1 /* minus \0 */;
+ char * ret = strdup( str );
+ /* Now remove the next ';' if present */
+ char * ret_iter = ret;
+ while( *ret_iter && *ret_iter != ';' ) ret_iter++;
+ if( *ret_iter == ';' )
+ *ret_iter = 0;
+ return ret;
+ }
+ /* Go to next ';' field */
+ while( *str && *str != ';' ) str++;
+ if( *str == ';' ) str++;
+ /* skip blank */
+ while( *str && *str == ' ' ) str++;
+ }
+ return NULL;
+}
+
+/* Get NAME in the NAME=VALUE field */
+static char * cookie_get_name( const char * cookie )
+{
+ char * ret = cookie_get_content( cookie ); /* NAME=VALUE */
+ if( !ret ) return NULL;
+ char * str = ret;
+ while( *str && *str != '=' ) str++;
+ *str = 0;
+ return ret;
+}
+
+/* Add a cookie in cookies, checking to see how it should be added */
+static void cookie_append( vlc_array_t * cookies, char * cookie )
+{
+ int i;
+
+ if( !cookie )
+ return;
+
+ char * cookie_name = cookie_get_name( cookie );
+
+ /* Don't send invalid cookies */
+ if( !cookie_name )
+ return;
+
+ char * cookie_domain = cookie_get_domain( cookie );
+ for( i = 0; i < vlc_array_count( cookies ); i++ )
+ {
+ char * current_cookie = vlc_array_item_at_index( cookies, i );
+ char * current_cookie_name = cookie_get_name( current_cookie );
+ char * current_cookie_domain = cookie_get_domain( current_cookie );
+
+ assert( current_cookie_name );
+
+ bool is_domain_matching = ( cookie_domain && current_cookie_domain &&
+ !strcmp( cookie_domain, current_cookie_domain ) );
+
+ if( is_domain_matching && !strcmp( cookie_name, current_cookie_name ) )
+ {
+ /* Remove previous value for this cookie */
+ free( current_cookie );
+ vlc_array_remove( cookies, i );
+
+ /* Clean */
+ free( current_cookie_name );
+ free( current_cookie_domain );
+ break;
+ }
+ free( current_cookie_name );
+ free( current_cookie_domain );
+ }
+ free( cookie_name );
+ free( cookie_domain );
+ vlc_array_append( cookies, cookie );
+}
+
+/*****************************************************************************
+ * "RFC 2617: Basic and Digest Access Authentication" header parsing
+ *****************************************************************************/
+static char *AuthGetParam( const char *psz_header, const char *psz_param )
+{
+ char psz_what[strlen(psz_param)+3];
+ sprintf( psz_what, "%s=\"", psz_param );
+ psz_header = strstr( psz_header, psz_what );
+ if( psz_header )
+ {
+ const char *psz_end;
+ psz_header += strlen( psz_what );
+ psz_end = strchr( psz_header, '"' );
+ if( !psz_end ) /* Invalid since we should have a closing quote */
+ return strdup( psz_header );
+ return strndup( psz_header, psz_end - psz_header );
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+static char *AuthGetParamNoQuotes( const char *psz_header, const char *psz_param )
+{
+ char psz_what[strlen(psz_param)+2];
+ sprintf( psz_what, "%s=", psz_param );
+ psz_header = strstr( psz_header, psz_what );
+ if( psz_header )
+ {
+ const char *psz_end;
+ psz_header += strlen( psz_what );
+ psz_end = strchr( psz_header, ',' );
+ /* XXX: Do we need to filter out trailing space between the value and
+ * the comma/end of line? */
+ if( !psz_end ) /* Can be valid if this is the last parameter */
+ return strdup( psz_header );
+ return strndup( psz_header, psz_end - psz_header );
+ }
+ else
+ {
+ return NULL;
+ }
+}
+
+static void AuthParseHeader( access_t *p_access, const char *psz_header,
+ http_auth_t *p_auth )
+{
+ /* FIXME: multiple auth methods can be listed (comma seperated) */
+
+ /* 2 Basic Authentication Scheme */
+ if( !strncasecmp( psz_header, "Basic ", strlen( "Basic " ) ) )
+ {
+ msg_Dbg( p_access, "Using Basic Authentication" );
+ psz_header += strlen( "Basic " );
+ p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
+ if( !p_auth->psz_realm )
+ msg_Warn( p_access, "Basic Authentication: "
+ "Mandatory 'realm' parameter is missing" );
+ }
+ /* 3 Digest Access Authentication Scheme */
+ else if( !strncasecmp( psz_header, "Digest ", strlen( "Digest " ) ) )
+ {
+ msg_Dbg( p_access, "Using Digest Access Authentication" );
+ if( p_auth->psz_nonce ) return; /* FIXME */
+ psz_header += strlen( "Digest " );
+ p_auth->psz_realm = AuthGetParam( psz_header, "realm" );
+ p_auth->psz_domain = AuthGetParam( psz_header, "domain" );
+ p_auth->psz_nonce = AuthGetParam( psz_header, "nonce" );
+ p_auth->psz_opaque = AuthGetParam( psz_header, "opaque" );
+ p_auth->psz_stale = AuthGetParamNoQuotes( psz_header, "stale" );
+ p_auth->psz_algorithm = AuthGetParamNoQuotes( psz_header, "algorithm" );
+ p_auth->psz_qop = AuthGetParam( psz_header, "qop" );
+ p_auth->i_nonce = 0;
+ /* printf("realm: |%s|\ndomain: |%s|\nnonce: |%s|\nopaque: |%s|\n"
+ "stale: |%s|\nalgorithm: |%s|\nqop: |%s|\n",
+ p_auth->psz_realm,p_auth->psz_domain,p_auth->psz_nonce,
+ p_auth->psz_opaque,p_auth->psz_stale,p_auth->psz_algorithm,
+ p_auth->psz_qop); */
+ if( !p_auth->psz_realm )
+ msg_Warn( p_access, "Digest Access Authentication: "
+ "Mandatory 'realm' parameter is missing" );
+ if( !p_auth->psz_nonce )
+ msg_Warn( p_access, "Digest Access Authentication: "
+ "Mandatory 'nonce' parameter is missing" );
+ if( p_auth->psz_qop ) /* FIXME: parse the qop list */
+ {
+ char *psz_tmp = strchr( p_auth->psz_qop, ',' );
+ if( psz_tmp ) *psz_tmp = '\0';
+ }
+ }
+ else
+ {
+ const char *psz_end = strchr( psz_header, ' ' );
+ if( psz_end )
+ msg_Warn( p_access, "Unknown authentication scheme: '%*s'",
+ psz_end - psz_header, psz_header );
+ else
+ msg_Warn( p_access, "Unknown authentication scheme: '%s'",
+ psz_header );
+ }
+}
+
+static char *AuthDigest( access_t *p_access, vlc_url_t *p_url,
+ http_auth_t *p_auth, const char *psz_method )
+{
+ (void)p_access;
+ const char *psz_username = p_url->psz_username ?: "";
+ const char *psz_password = p_url->psz_password ?: "";
+
+ char *psz_HA1 = NULL;
+ char *psz_HA2 = NULL;
+ char *psz_response = NULL;
+ struct md5_s md5;
+
+ /* H(A1) */
+ if( p_auth->psz_HA1 )
+ {
+ psz_HA1 = strdup( p_auth->psz_HA1 );
+ if( !psz_HA1 ) goto error;
+ }
+ else
+ {
+ InitMD5( &md5 );
+ AddMD5( &md5, psz_username, strlen( psz_username ) );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_realm, strlen( p_auth->psz_realm ) );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, psz_password, strlen( psz_password ) );
+ EndMD5( &md5 );
+
+ psz_HA1 = psz_md5_hash( &md5 );
+ if( !psz_HA1 ) goto error;
+
+ if( p_auth->psz_algorithm
+ && !strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
+ {
+ InitMD5( &md5 );
+ AddMD5( &md5, psz_HA1, 32 );
+ free( psz_HA1 );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
+ EndMD5( &md5 );
+
+ psz_HA1 = psz_md5_hash( &md5 );
+ if( !psz_HA1 ) goto error;
+ p_auth->psz_HA1 = strdup( psz_HA1 );
+ if( !p_auth->psz_HA1 ) goto error;
+ }
+ }
+
+ /* H(A2) */
+ InitMD5( &md5 );
+ if( *psz_method )
+ AddMD5( &md5, psz_method, strlen( psz_method ) );
+ AddMD5( &md5, ":", 1 );
+ if( p_url->psz_path )
+ AddMD5( &md5, p_url->psz_path, strlen( p_url->psz_path ) );
+ else
+ AddMD5( &md5, "/", 1 );
+ if( p_auth->psz_qop && !strcmp( p_auth->psz_qop, "auth-int" ) )
+ {
+ char *psz_ent;
+ struct md5_s ent;
+ InitMD5( &ent );
+ AddMD5( &ent, "", 0 ); /* XXX: entity-body. should be ok for GET */
+ EndMD5( &ent );
+ psz_ent = psz_md5_hash( &ent );
+ if( !psz_ent ) goto error;
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, psz_ent, 32 );
+ free( psz_ent );
+ }
+ EndMD5( &md5 );
+ psz_HA2 = psz_md5_hash( &md5 );
+ if( !psz_HA2 ) goto error;
+
+ /* Request digest */
+ InitMD5( &md5 );
+ AddMD5( &md5, psz_HA1, 32 );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_nonce, strlen( p_auth->psz_nonce ) );
+ AddMD5( &md5, ":", 1 );
+ if( p_auth->psz_qop
+ && ( !strcmp( p_auth->psz_qop, "auth" )
+ || !strcmp( p_auth->psz_qop, "auth-int" ) ) )
+ {
+ char psz_inonce[9];
+ snprintf( psz_inonce, 9, "%08x", p_auth->i_nonce );
+ AddMD5( &md5, psz_inonce, 8 );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_cnonce, strlen( p_auth->psz_cnonce ) );
+ AddMD5( &md5, ":", 1 );
+ AddMD5( &md5, p_auth->psz_qop, strlen( p_auth->psz_qop ) );
+ AddMD5( &md5, ":", 1 );
+ }
+ AddMD5( &md5, psz_HA2, 32 );
+ EndMD5( &md5 );
+ psz_response = psz_md5_hash( &md5 );
+
+ error:
+ free( psz_HA1 );
+ free( psz_HA2 );
+ return psz_response;
+}
+
+
+static void AuthReply( access_t *p_access, const char *psz_prefix,
+ vlc_url_t *p_url, http_auth_t *p_auth )
+{
+ access_sys_t *p_sys = p_access->p_sys;
+ v_socket_t *pvs = p_sys->p_vs;
+
+ const char *psz_username = p_url->psz_username ?: "";
+ const char *psz_password = p_url->psz_password ?: "";
+
+ if( p_auth->psz_nonce )
+ {
+ /* Digest Access Authentication */
+ char *psz_response;
+
+ if( p_auth->psz_algorithm
+ && strcmp( p_auth->psz_algorithm, "MD5" )
+ && strcmp( p_auth->psz_algorithm, "MD5-sess" ) )
+ {
+ msg_Err( p_access, "Digest Access Authentication: "
+ "Unknown algorithm '%s'", p_auth->psz_algorithm );
+ return;
+ }
+
+ if( p_auth->psz_qop || !p_auth->psz_cnonce )
+ {
+ /* FIXME: needs to be really random to prevent man in the middle
+ * attacks */
+ free( p_auth->psz_cnonce );
+ p_auth->psz_cnonce = strdup( "Some random string FIXME" );
+ }
+ p_auth->i_nonce ++;
+
+ psz_response = AuthDigest( p_access, p_url, p_auth, "GET" );
+ if( !psz_response ) return;
+
+ net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs,
+ "%sAuthorization: Digest "
+ /* Mandatory parameters */
+ "username=\"%s\", "
+ "realm=\"%s\", "
+ "nonce=\"%s\", "
+ "uri=\"%s\", "
+ "response=\"%s\", "
+ /* Optional parameters */
+ "%s%s%s" /* algorithm */
+ "%s%s%s" /* cnonce */
+ "%s%s%s" /* opaque */
+ "%s%s%s" /* message qop */
+ "%s%08x%s" /* nonce count */
+ "\r\n",
+ /* Mandatory parameters */
+ psz_prefix,
+ psz_username,
+ p_auth->psz_realm,
+ p_auth->psz_nonce,
+ p_url->psz_path ?: "/",
+ psz_response,
+ /* Optional parameters */
+ p_auth->psz_algorithm ? "algorithm=\"" : "",
+ p_auth->psz_algorithm ?: "",
+ p_auth->psz_algorithm ? "\", " : "",
+ p_auth->psz_cnonce ? "cnonce=\"" : "",
+ p_auth->psz_cnonce ?: "",
+ p_auth->psz_cnonce ? "\", " : "",
+ p_auth->psz_opaque ? "opaque=\"" : "",
+ p_auth->psz_opaque ?: "",
+ p_auth->psz_opaque ? "\", " : "",
+ p_auth->psz_qop ? "qop=\"" : "",
+ p_auth->psz_qop ?: "",
+ p_auth->psz_qop ? "\", " : "",
+ p_auth->i_nonce ? "nc=\"" : "uglyhack=\"", /* Will be parsed as an unhandled extension */
+ p_auth->i_nonce,
+ p_auth->i_nonce ? "\"" : "\""
+ );
+
+ free( psz_response );
+ }
+ else
+ {
+ /* Basic Access Authentication */
+ char buf[strlen( psz_username ) + strlen( psz_password ) + 2];
+ char *b64;
+
+ snprintf( buf, sizeof( buf ), "%s:%s", psz_username, psz_password );
+ b64 = vlc_b64_encode( buf );
+
+ if( b64 != NULL )
+ {
+ net_Printf( VLC_OBJECT(p_access), p_sys->fd, pvs,
+ "%sAuthorization: Basic %s\r\n", psz_prefix, b64 );
+ free( b64 );
+ }
+ }
+}
+
+static int AuthCheckReply( access_t *p_access, const char *psz_header,
+ vlc_url_t *p_url, http_auth_t *p_auth )
+{
+ int i_ret = VLC_EGENERIC;
+ char *psz_nextnonce = AuthGetParam( psz_header, "nextnonce" );
+ char *psz_qop = AuthGetParamNoQuotes( psz_header, "qop" );
+ char *psz_rspauth = AuthGetParam( psz_header, "rspauth" );
+ char *psz_cnonce = AuthGetParam( psz_header, "cnonce" );
+ char *psz_nc = AuthGetParamNoQuotes( psz_header, "nc" );
+
+ if( psz_cnonce )
+ {
+ char *psz_digest;
+
+ if( strcmp( psz_cnonce, p_auth->psz_cnonce ) )
+ {
+ msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different client nonce value." );
+ goto error;
+ }
+
+ if( psz_nc )
+ {
+ int i_nonce;
+ i_nonce = strtol( psz_nc, NULL, 16 );
+ if( i_nonce != p_auth->i_nonce )
+ {
+ msg_Err( p_access, "HTTP Digest Access Authentication: server replied with a different nonce count value." );
+ goto error;
+ }
+ }
+
+ if( psz_qop && p_auth->psz_qop && strcmp( psz_qop, p_auth->psz_qop ) )
+ msg_Warn( p_access, "HTTP Digest Access Authentication: server replied using a different 'quality of protection' option" );
+
+ /* All the clear text values match, let's now check the response
+ * digest */
+ psz_digest = AuthDigest( p_access, p_url, p_auth, "" );
+ if( strcmp( psz_digest, psz_rspauth ) )
+ {
+ msg_Err( p_access, "HTTP Digest Access Authentication: server replied with an invalid response digest (expected value: %s).", psz_digest );
+ free( psz_digest );
+ goto error;
+ }
+ free( psz_digest );
+ }
+
+ if( psz_nextnonce )
+ {
+ free( p_auth->psz_nonce );
+ p_auth->psz_nonce = psz_nextnonce;
+ psz_nextnonce = NULL;
+ }
+
+ i_ret = VLC_SUCCESS;
+ error:
+ free( psz_nextnonce );
+ free( psz_qop );
+ free( psz_rspauth );
+ free( psz_cnonce );
+ free( psz_nc );
+
+ return i_ret;
+}
+
+static void AuthReset( http_auth_t *p_auth )
+{
+ FREENULL( p_auth->psz_realm );
+ FREENULL( p_auth->psz_domain );
+ FREENULL( p_auth->psz_nonce );
+ FREENULL( p_auth->psz_opaque );
+ FREENULL( p_auth->psz_stale );
+ FREENULL( p_auth->psz_algorithm );
+ FREENULL( p_auth->psz_qop );
+ p_auth->i_nonce = 0;
+ FREENULL( p_auth->psz_cnonce );
+ FREENULL( p_auth->psz_HA1 );